Board: Investor-based games
Topic: Re: MEDIEVAL EMPIRES - medieval-empires.online - new browser economic game
Post by DevSoft on 27/01/2017, 12:58:38 UTC
Ok, I did contact the owner before publishing this, but he does not seem to care, or thinks I am bullshitting, so here we go:

The website is vulnerable to:

  • Cross site scripting attack
  • jQuery cross site scripting

(Both are very similar actually)



Cross site scripting

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

Want to test yourself?

1) Open recovery link: https://medieval-empires.online/recovery
2) Enter: "()&%
3) Press the button "Recover".

This way a hacker can even steal your sessions, and log in to your account.
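
Added example, not part of the original post and not the site's code: a hypothetical recovery-form renderer that reflects the submitted value, first unencoded and then HTML-encoded, plus a check that classifies how the post's test string `"()&%` comes back in the response. The function names and the markup are assumptions made for illustration.

```javascript
// Hypothetical server-side rendering of a recovery form (constructed markup).

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable form: the submitted value is concatenated into the page as-is,
// so a double quote ends the value="" attribute early.
function renderRecoveryUnsafe(email) {
  return '<input name="email" value="' + email + '">' +
         '<p>No account found for ' + email + '</p>';
}

// Hardened form: identical markup, value encoded before it is written out.
function renderRecoverySafe(email) {
  const e = escapeHtml(email);
  return '<input name="email" value="' + e + '">' +
         '<p>No account found for ' + e + '</p>';
}

// Classify how a probe string was reflected in a response body:
//   'raw'          - probe appears byte-for-byte (output encoding is missing)
//   'encoded'      - only the HTML-encoded form appears
//   'absent'       - the probe is not reflected at all
//   'inconclusive' - the probe has no HTML metacharacters, so it proves nothing
function classifyReflection(html, probe) {
  if (!/[&<>"']/.test(probe)) return 'inconclusive';
  if (html.includes(probe)) return 'raw';
  if (html.includes(escapeHtml(probe))) return 'encoded';
  return 'absent';
}

// The test string from step 2 of the post.
const PROBE = '"()&%';
console.log('unsafe:', classifyReflection(renderRecoveryUnsafe(PROBE), PROBE));
console.log('safe:  ', classifyReflection(renderRecoverySafe(PROBE), PROBE));
```
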