Bugtraq mailing list archives
Re: GamePlay.co.uk XSS
From: Patrick Morris <patrick.morris () hp com>
Date: Tue, 13 Jun 2006 18:10:40 -0700
On Sat, 10 Jun 2006, charlie () thehackersplace org wrote:
> The current password is not necessary for a successful password change for members of gameplay.co.uk which makes changing passwords through scripts as easy as tying your shoe lace. (https://shop.gameplay.co.uk/gameplay/changepassword.asp) I tried emailing these clowns about their silly flaws, but I had no joy.
If you are not logged in, that URL takes you to a login page, where you *do* need to enter a correct username and password. I'm not sure what happens if you've already logged in with a valid account.
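
Added example, not part of either message and not the site's code: a password-change handler that separates the two checks this thread is discussing, a logged-in session (the login redirect) and re-entry of the current password. The anti-CSRF token, the in-memory stores and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # constructed value for the demo

# Constructed in-memory stores standing in for a user table and a session store.
USERS = {}     # username -> (salt, password_hash)
SESSIONS = {}  # session_id -> {"user": username, "csrf": token}

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(user: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, hash_pw(password, salt))

def login(user: str, password: str):
    """Return a new session id, or None if the credentials are wrong."""
    record = USERS.get(user)
    if record is None or not hmac.compare_digest(hash_pw(password, record[0]), record[1]):
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def change_password(sid, csrf_token, current_pw, new_pw):
    """Return (http_status, reason) for a password-change request."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "login required"          # not logged in: send to the login page
    if not hmac.compare_digest(str(csrf_token).encode(), session["csrf"].encode()):
        return 403, "bad csrf token"          # request did not come from our own form
    user = session["user"]
    salt, stored = USERS[user]
    if not hmac.compare_digest(hash_pw(str(current_pw), salt), stored):
        return 403, "current password wrong"  # a live session alone is not enough
    new_salt = secrets.token_bytes(16)
    USERS[user] = (new_salt, hash_pw(new_pw, new_salt))
    # Drop every other session for this user so an older one stops working.
    for other in [s for s, v in SESSIONS.items() if v["user"] == user and s != sid]:
        del SESSIONS[other]
    return 200, "password changed"
```

The 401 branch corresponds to the login page seen when not logged in; the two 403 branches are what decide whether a request sent within an already logged-in session can change the password.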