More things I found:
All accounts are created:
1. Before, I thought you would just get that error and would not be registered. However, if you go back to the site and log in with the user/pass combo you registered with before the error, it will log you in. This leads me to believe that there was an error in the redirection/automatic login portion of the PHP code.
1. If you register with a name like <script> alert("t") </script>, you'll get the error, but if you follow the steps I talked about above, it works. Though it doesn't show your name, the CSS is all off a bit, and at the top left there is a (" ';} "). (Note: I signed up with this account, so you can log in with the username "<script> alert("t") </script>" and password "jill" if you'd like (without quotes, of course).)
2. On further inspection, in the source code there is a welcome section in the HTML. It looks like this:
However, when using the above username (<script> alert("t") </script>), the script tags will be added to the HTML, thus making it look like this:
Welcome <b><script> alert("t") </script></b>
3. After realizing this, I got the idea to try to make a username with an <a href> tag, to see if I could use it as a link; it worked. (Username: <a href="www.asdf.com">t</a> Pass: jill). In fact, I could click on the link as well. However, it then attempted to take me to "Edited out", kinda messing it up, but the fact that with some fancy coding XSS is still possible remains. But, they did implement a way to stop XSS... Sort of. You're only allowed to use 30 characters, making longer injections/possible links harder. And every link is appended to "Edited out", so it ruins that option too. I am certain though, that someone with much more knowledge than me could find a way around this.
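For readers who want to see what the fix for the welcome banner looks like, here is an added example that is not part of the post above and not code from the site being discussed. It is written in Python rather than the site's PHP so it can run stand-alone; the function names (render_welcome_unsafe, render_welcome_safe, is_valid_username) and the 30-character limit used as an allowlist length are assumptions for illustration. The point it shows is the one the post circles around: a length limit on the username does not stop stored XSS, while HTML-encoding the value at the point where it is written into the page does, and an allowlist check at registration adds a second layer.

```python
import html
import re

# Constructed sample usernames for the demonstration (not taken from any real site).
SAMPLE_USERNAMES = [
    "alice",
    '<script> alert("t") </script>',
    '<a href="www.asdf.com">t</a>',
]

# Hypothetical username policy: letters, digits, underscore, dot, hyphen; 1..30 chars.
# The 30 is chosen only because the post mentions a 30-character limit.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,30}")


def render_welcome_unsafe(username: str) -> str:
    """Vulnerable pattern: the stored username is concatenated straight into
    the HTML, so any markup in it becomes real markup in the page."""
    return f"Welcome <b>{username}</b>"


def render_welcome_safe(username: str) -> str:
    """Hardened pattern: HTML-encode the username for element-content context
    before inserting it. html.escape turns & < > " ' into entities, so a
    '<script>' in the username is displayed as text, not executed."""
    return f"Welcome <b>{html.escape(username, quote=True)}</b>"


def is_valid_username(username: str) -> bool:
    """Registration-time allowlist check (defense in depth, not a substitute
    for output encoding): reject anything outside the hypothetical policy."""
    return USERNAME_RE.fullmatch(username) is not None


def username_survives_as_markup(rendered: str) -> bool:
    """Crude demonstration check: does a '<' from the username survive as a
    raw tag opener inside the <b>...</b> element of the rendered banner?"""
    prefix, suffix = "Welcome <b>", "</b>"
    inner = rendered[len(prefix):len(rendered) - len(suffix)]
    return "<" in inner


if __name__ == "__main__":
    for name in SAMPLE_USERNAMES:
        print("username      :", repr(name))
        print("  valid at reg:", is_valid_username(name))
        print("  unsafe render:", render_welcome_unsafe(name))
        print("  safe render  :", render_welcome_safe(name))
        print("  markup leaks :", username_survives_as_markup(render_welcome_unsafe(name)),
              "->", username_survives_as_markup(render_welcome_safe(name)))
```

Running the block prints each sample username three ways; the safe rendering of the script-tag username is `Welcome <b>&lt;script&gt; alert(&quot;t&quot;) &lt;/script&gt;</b>`, which a browser shows literally. Note that escaping is context-specific: the same value placed inside a JavaScript string or an attribute such as href would need the encoding appropriate to that context, not just entity encoding.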