goproblems.com

This website is prone to XSS.

for example, if you create an account and go to the box for personal information. and you type there the following
It will add an extra button with javascript code behind it. This means that basically anyone can just create their own forms by using that field and can make them submit things that address the php code on the server side.

so basically what i'm saying is... you can get logins, usernames, passwords, email addresses, all that good stuff by simply writing your own form that runs on the client side, but speaks directly to the server side.

Thank you very much for the report!
We regard that as a serious matter, and will fix it as soon as possible..

EDIT:
We have fixed the page you reported and some others.
Please let us know if you find any other problematic pages.
Thanks!

hi there, i appreciate you looking for XSS vulnerabilities. thanks!

however, in this case it's not a security problem: the only person you can attack is yourself. an XSS vulnerability only exists where the data one person can enter is visible to another. in this case, i believe i already filter the personal data when others look at it. if you can find a place where i don't, i'd love to see it, but the one you mentioned (and the others you changed, tails) were not problematic.

Hmm, I think someone could steal your password if you followed a link in which a script was embedded.

Oh, I think I've found another security problem... I'll send you an e-mail later, Adum.