XSS in WeChall

There was an XSS flaw found in the WeChall website.

Quote from kwisatz


was prone to XSS.

The ajax=1 parameter made everything vulnerable to XSS, because the content type is plaintext (no htmlspecialchars), but the header was missing (Content-Type: text/plain).

I want to thank kwisatz for finding and reporting this flaw, which affects pretty much all of my websites :^)

The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Nov 03, 2011 - 04:18:29
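
The flaw described in the post above, as an added PHP example that is not part of the original post and not WeChall's code: an ajax-style response that skips htmlspecialchars is only safe when it is also labelled text/plain. The function names, the `$fixed` switch, the sample value and the extra `X-Content-Type-Options: nosniff` header are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not WeChall's code.

/** Build the response for a page that echoes a user-supplied value. */
function build_response(string $value, bool $ajax, bool $fixed): array
{
    $headers = [];
    if (!$ajax) {
        // Normal page: HTML output, so the value is escaped for HTML.
        $headers['Content-Type'] = 'text/html; charset=UTF-8';
        $body = '<p>' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '</p>';
        return [$headers, $body];
    }
    // ajax=1: the body is meant as plain text, so it is not HTML-escaped.
    $body = $value;
    if ($fixed) {
        // The fix: declare the type; nosniff is added hardening (assumption).
        $headers['Content-Type'] = 'text/plain; charset=UTF-8';
        $headers['X-Content-Type-Options'] = 'nosniff';
    }
    // With no Content-Type set, PHP falls back to default_mimetype (text/html).
    return [$headers, $body];
}

/** True when a browser would parse unescaped user markup as HTML. */
function renders_user_markup(array $headers, string $body, string $value): bool
{
    $type = strtolower($headers['Content-Type'] ?? (string) ini_get('default_mimetype'));
    $isHtml = strpos($type, 'text/html') === 0;
    $hasMarkup = $value !== htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return $isHtml && $hasMarkup && strpos($body, $value) !== false;
}

$sample = '<i>constructed test value</i>'; // constructed input, harmless markup
foreach ([[false, false], [true, false], [true, true]] as [$ajax, $fixed]) {
    [$headers, $body] = build_response($sample, $ajax, $fixed);
    printf("ajax=%d fixed=%d -> %s\n", $ajax, $fixed,
        renders_user_markup($headers, $body, $sample) ? 'VULNERABLE' : 'ok');
}
```

Only the ajax response without the header is reported as vulnerable; the same unescaped body is harmless once the browser is told it is text/plain.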