XSS vulnerability in gotoquiz

• Locked due to inactivity on Dec 15, '17 3:54am

Thread Topic: XSS vulnerability in gotoquiz

• 

  Jeeshan Hot Shot

  7 years ago
  XXX vulneribility in gotoquiz*
• 

  The Geek Expert

  7 years ago
  no ur gay
• Le1F Advanced

  7 years ago
• 

  WolfLove Hot Shot

  7 years ago
  aw fuq u got me
• 

  The Geek Expert

  7 years ago
  haha rekt
• 

  GTQ Guy Advanced

  7 years ago
  [no urls]
  
  example there, pretty sure there are other places this would work
  What is the example?
  
  the cookie system is also pretty week
  Working on this.
• 

  Magie Magic Senior

  7 years ago
  Hey GTQ Guy, May I ask a question? Why are you so non active on your own site?
• 

  GTQ Guy Advanced

  7 years ago
  That's a good question. I definitely fell behind on keeping up with the users here. I'm still working on the site, preparing a big update to come soon.
• 

  Magie Magic Senior

  7 years ago
  A big update? Cool! I look forward to seeing it!
• 

  The Geek Expert

  7 years ago
  The example is at
  
  
  Pretty simple, mouse over and it auto logs you in to another account by modifying your cookies.
• 

  Magie Magic Senior

  7 years ago
  So anyone can just randomly log into my account because of the link you posted?
• 

  GTQ Guy Advanced

  7 years ago
  Fixed.
  
  Well that was some shoddy coding on my part. Thanks for the heads up.
• 

  The Geek Expert

  7 years ago
  Not as bad, but I found a further exploit of it where if a new line is in the url the redirect header will fail, forcing people to use a link which is vulnerable.
  
  "
  onmouseover="
  alert(document.cookie)
• 

  The Geek Expert

  7 years ago
  Also, think that can be combined with a logout url somehow (not tested yet)
• 

  GTQ Guy Advanced

  7 years ago
  I'm surprised I don't have validation on the URL formatting. Shame on me!

This thread is locked, therefore no new posts can be made.