7 Commits

Author SHA1 Message Date
divinity76
d9cd81508b patch XSS vulnerability (#358)
The powergamers page was vulnerable to XSS/JavaScript injection; this should fix it.

XSS screenshot: https://i.imgur.com/4rJuWqY.png
XSS POC:

<form action="https://<censored>/powergamers.php" method="POST">
<input type="hidden" name="days[]" value="3" />
<input type="hidden" name="days[]" value="1&lt;script&gt;alert(&quot;XSS running!&quot;);&lt;/script&gt;" />
<input type="submit" value="click here to start xss" />
</form>
2019-04-19 21:23:57 +02:00
Atte
a8b4a57cb4 Minor fix 2015-03-30 18:43:30 +03:00
Atte
3b6c2ba9b0 Powergamers sort by vocations and days
Ability to sort by vocations and days, any suggestions?
Test: http://ducates.net/powergamers.php
2015-03-06 16:39:10 +02:00
Atte
34ab5bf06a Update powergamers.php 2014-09-10 15:35:37 +03:00
Atte
91b973b0a9 Update powergamers.php 2014-09-10 01:15:37 +03:00
Atte
050fb6edde Update powergamers.php 2014-09-10 01:09:06 +03:00
Atte
e62e35f5c3 Create powergamers.php
Please tell me if there are any mistakes or how to improve it.
I am quite a beginner with SQL, not even 100% sure if it works as it should.

So, if you see anything wrong with it please let me know :)
2014-09-02 18:39:50 +03:00