XSS vulnerability in gotoquiz

  • Locked due to inactivity on Dec 15, '17 3:54am

  • Jeeshan Hot Shot
    XXX vulnerability in gotoquiz*
  • The Geek Expert
    no ur gay
  • Le1F Advanced
  • WolfLove Hot Shot
    aw fuq u got me
  • The Geek Expert
    haha rekt
  • GTQ Guy Advanced
    [no urls]

    example there, pretty sure there are other places this would work
    What is the example?

    the cookie system is also pretty weak
    Working on this.
  • Magie Magic Senior
    Hey GTQ Guy, May I ask a question? Why are you so non active on your own site?
  • GTQ Guy Advanced
    That's a good question. I definitely fell behind on keeping up with the users here. I'm still working on the site, preparing a big update to come soon.
  • Magie Magic Senior
    A big update? Cool! I look forward to seeing it!
  • The Geek Expert
    The example is at


    Pretty simple, mouse over and it auto logs you in to another account by modifying your cookies.
  • Magie Magic Senior
    So anyone can just randomly log into my account because of the link you posted?
  • GTQ Guy Advanced
    Fixed.

    Well that was some shoddy coding on my part. Thanks for the heads up.
  • The Geek Expert
    Not as bad, but I found a further exploit of it where if a new line is in the url the redirect header will fail, forcing people to use a link which is vulnerable.

    "
    onmouseover="
    alert(document.cookie)
  • The Geek Expert
    Also, think that can be combined with a logout url somehow (not tested yet)
  • GTQ Guy Advanced
    I'm surprised I don't have validation on the URL formatting. Shame on me!
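
An added example, not code from the site or from any poster in this thread: one way to do the URL validation the last post refers to, written in Python because the thread does not say what the site runs on. It rejects newlines and quotes before the value reaches the redirect header and HTML-escapes the fallback link; `example.test`, the function names and the `/` default are assumptions.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample built from the fragments quoted in the thread;
# example.test is a placeholder host.
SAMPLE = 'http://example.test/"\nonmouseover="\nalert(document.cookie)'


def validate_redirect_url(raw):
    """Return raw if it is safe to use as a redirect target, else None."""
    # Whitespace, control characters (CR/LF included), quotes and angle
    # brackets never appear unencoded in a well-formed URL.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c in "\"'<>" for c in raw):
        return None
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return raw


def fallback_link_vulnerable(raw):
    # The pattern the thread describes: the URL reaches the attribute as-is.
    return '<a href="' + raw + '">Continue</a>'


def fallback_link(raw):
    """Render the manual link; validate first, then escape for the attribute."""
    url = validate_redirect_url(raw)
    if url is None:
        return '<a href="/">Continue</a>'  # hypothetical safe default
    return '<a href="' + html.escape(url, quote=True) + '">Continue</a>'


def respond(raw):
    """Return (status, headers, body) for a hypothetical redirect endpoint."""
    url = validate_redirect_url(raw)
    if url is None:
        return 400, {}, "Invalid redirect target"
    return 302, {"Location": url}, fallback_link(url)
```

Validation alone still allows redirects to any http(s) host; restricting `parts.netloc` to the site's own hosts would close that as well.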
