XSS vulnerability in gotoquiz

  • Locked due to inactivity on Dec 15, '17 3:54am

  • sadboy66 Newbie
    this is the geek but I was banned for finding this lol

    [no urls]

    example there, pretty sure there are other places this would work

    there is also this really wacky bug with blockquotes on gtq, if you post a string of unclosed strikethroughs then a string of unclosed blockquote tags gtq goes wild and replicates the strikethrough tags a lot
  • The Geek Expert
    the cookie system is also pretty weak and could reveal the password and username of a user from their cookies, which could be coupled with a request to change the password or post it
  • sadboy66 Novice
    >post an exploit that could be used to automatically change the password to something random for every gtq user
    >get ignored

    >post that someone called me gay
    >hundreds banned, cops called
  • breadboy69 Novice
    Can the mods even do anything about that though?
  • sadboy66 Novice
    like, all gtq guy does these days is read mod talk
  • Dark22978 Hot Shot
    i wish he read that forum
  • Dark22978 Hot Shot
    His last post on there was an entire year ago
  • The Coldest Sun Hot Shot
    Wait, who called you gay? Point me to the culprit. The hammer of justice will fall swiftly and without mercy on this degenerate. This issue has my undivided attention.
  • sadboy66 Novice
    no but I am somewhat gay so it is kind of justified
  • The Coldest Sun Hot Shot
    oh
    carry on then
  • The Geek Expert
    did some more testing and this can def be exploited to steal passwords
  • Le1F Advanced
    hack gtq guy
  • The Coldest Sun Hot Shot
    I'm gonna assume GTQ Guy is dead since he won't answer anyone
    this is the end
  • bladewolf Junior
    RIP GTQ Guy
  • WolfLove Hot Shot
    geek is GAY?