Sla.ckers.org
evite.com xss
Posted by: badsamaritan
Date: November 15, 2007 06:34PM

On evite.com when you create or edit an account your first and last name have no filtering at all. When you create an evite or reply to one your name is displayed for everyone :)...therefore xss on any evite you create or are invited to.

I would give you a poc but I would have to invite you all to my party.. and I don't like you guys THAT much ;)


PS: so much fun to play with the dom to change the location of your friend's anniversary party to let's say...a strip club!

-matt
http://badsamaritan.net
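
The fix for the class of bug reported above is to encode the stored first and last name at output time, in every place an invite page prints them. The following is an added example, not part of the original post and not evite.com code; the function names, the guest-list markup and the sample names are all constructed for illustration.

```javascript
// Added example: names and markup below are constructed, not taken from evite.com.

// Characters that change meaning in HTML text or in a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value for an HTML text node or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern the post describes: stored name fields concatenated straight into markup.
function renderGuestUnsafe(guest) {
  return '<li class="guest">' + guest.firstName + " " + guest.lastName + "</li>";
}

// Hardened form: encode when rendering, so data stored before the fix is covered too.
function renderGuestSafe(guest) {
  const name = escapeHtml(guest.firstName) + " " + escapeHtml(guest.lastName);
  return '<li class="guest" title="' + name + '">' + name + "</li>";
}

// Defence in depth at account create/edit: reject unexpected characters
// instead of trying to strip them. The allowed set here is an assumption.
function validateName(value) {
  const s = String(value).normalize("NFC").trim();
  return s.length >= 1 && s.length <= 64 && /^[\p{L}\p{M}][\p{L}\p{M} .'-]*$/u.test(s);
}

// Constructed sample guests: one ordinary name, one carrying markup.
const guests = [
  { firstName: "Anne-Marie", lastName: "O'Neil" },
  { firstName: "<b>Matt</b>", lastName: '"><i>x</i>' },
];
for (const g of guests) {
  console.log(validateName(g.firstName), validateName(g.lastName), renderGuestSafe(g));
}
```

Input validation alone does not close the hole, because names already in the database and other output contexts (JavaScript, URLs) still need their own encoding.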

Re: evite.com xss
Posted by: rsnake
Date: December 10, 2007 05:34PM

But that _is_ where my friends have their anniversary parties.

- RSnake
Gotta love it. http://ha.ckers.org
