11th April 2015

XSS Vulnerability

Made by TimeLock in Bugs

Banned
28 posts
38
Seen 21st April 2015
11th April 2015, 10:10 AM

Found a vulnerability in oldcp_api, it's not a serious one. But still, Daymen, you should patch it.

http://blizzard.api.play.oldcp.biz/oldcp_api/login.php?Username=<script>alert("Got to love XSS")</script><h1>TimeLock rocks</h1>
1

+1 by trixie

Daymen
Administrator
5,165 posts
37,117
Seen 16th December 2024
11th April 2015, 10:38 AM

Clients' browsers don't run JavaScript or parse HTML from that resource when logging in via oldcp; it is no threat.
3
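Added example, not part of either post and not oldcp's code: a hypothetical PHP handler showing how an API endpoint that reflects a request parameter can be made inert even when a browser opens the URL directly. It assumes the endpoint echoes `Username` back in its response; the function names and the "Login failed for" message are invented for illustration.

```php
<?php
// Hypothetical handler (assumption: the endpoint echoes Username in its reply).

// Vulnerable shape: the parameter is reflected verbatim. PHP sends
// Content-Type: text/html by default, so a browser parses the markup.
function render_unsafe(string $username): string
{
    return "Login failed for " . $username;
}

// Hardened shape: encode for the HTML context before reflecting.
function render_safe(string $username): string
{
    $encoded = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Login failed for " . $encoded;
}

// An API consumed by a game client has no reason to serve HTML.
// Declaring plain text and disabling MIME sniffing makes browsers
// display the body as text instead of rendering it.
function send_api_response(string $body): void
{
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo $body;
}

if (PHP_SAPI === 'cli') {
    // Sample input: the query string value quoted in the report above.
    $sample = '<script>alert("Got to love XSS")</script><h1>TimeLock rocks</h1>';
    echo render_unsafe($sample), PHP_EOL; // markup survives intact
    echo render_safe($sample), PHP_EOL;   // markup becomes &lt;script&gt;...
} else {
    $username = $_GET['Username'] ?? '';
    if (!is_string($username)) {
        $username = ''; // reject array-style parameters such as Username[]=x
    }
    send_api_response(render_safe($username));
}
```

Run with `php file.php` to compare the two renderings; either the encoding or the `text/plain` header alone stops the reflected markup from executing, and applying both covers clients that ignore one of them.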
