
XSS Exploit found


ghost's Avatar
0 0

Some admin or mod PM me. I do not want to post it on the forums. I promise, it is definitely an XSS exploit.


ghost's Avatar
0 0

frantically begins search of exploit ^_^


ghost's Avatar
0 0

Good work dude!! Go for HoF! Don't send your exploit, first try to hack something with it!


Uber0n's Avatar
Member
0 0

There are some XSS holes in this site, no doubt about that :p

Cheese promised me HoF for one I found some months ago, but it hasn't been patched yet :angry:


mido's Avatar
Member
0 0

Yeh, in the msg system…enough:p


ghost's Avatar
0 0

No HoF for simple XSS because HBH has IP-encrypted cookies, so try to use the vuln to exploit something different than a cookie stealer. I read something about persistent XSS that worked as keyloggers, but idk more.


ghost's Avatar
0 0

Why don't you pm admins?


mido's Avatar
Member
0 0

He did, I think…


ghost's Avatar
0 0

Finding XSS holes on this site isn't hard, there's a few of mine listed on the bugs page. Larika: stealing cookies isn't nearly the only thing that can be done with XSS.

Note how this site doesn't require your old password to change your current password or your email address.

It would be quite possible to create an XSS which changes your current password to a random long string, changes your email address to mine and then sends me your new password. I've just stolen your account.

Alternatively if you have told your browser to store your username and password for your account I can steal that (which of course is in plaintext). I did that to Cheese, that's how I got the HoF entry.

I can send you to another site to XSS you there. I can do recon on your browser (check your browsing history, what extensions you have installed etc).

XSS is NOT only for stealing cookies and XSS holes should therefore be fixed quickly.
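
An added example, not part of the original thread and not HBH's code: the gap noted in the last post (password and email changes accepted on the session alone) next to a handler that re-authenticates with the current password first. The function names, the in-memory user record and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(email: str, password: str) -> dict:
    # Constructed in-memory record standing in for a row in the user table.
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "pw_hash": hash_password(password, salt)}


def verify_password(user: dict, candidate: str) -> bool:
    # Constant-time comparison of the stored and the recomputed hash.
    return hmac.compare_digest(user["pw_hash"], hash_password(candidate, user["salt"]))


def _apply(user: dict, new_password, new_email) -> None:
    if new_password is not None:
        user["salt"] = os.urandom(16)
        user["pw_hash"] = hash_password(new_password, user["salt"])
    if new_email is not None:
        user["email"] = new_email


def change_credentials_weak(user, new_password=None, new_email=None) -> bool:
    # Behaviour the post describes: any request carrying a valid session is
    # accepted, so a script running in the victim's page can drive it.
    _apply(user, new_password, new_email)
    return True


def change_credentials_hardened(user, current_password, new_password=None,
                                new_email=None) -> bool:
    # Re-authentication: the request must prove knowledge of the current
    # password, which a session riding on the page does not carry by itself.
    if not verify_password(user, current_password):
        return False
    _apply(user, new_password, new_email)
    return True
```

Re-authentication narrows what a hijacked session can change; it does not replace fixing the XSS holes themselves.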