author | http://smcv.pseudorandom.co.uk/ <smcv@web> | 2015-03-30 06:55:39 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2015-03-30 06:55:39 -0400 |
commit | c68c044d8743d83ae5a845a2c800a3b03a7d7350 (patch) | |
tree | 27183cc860f7783ba8aa15523c5e4574ad5e06d6 /doc/bugs/XSS_Alert...__33____33____33__.mdwn | |
parent | 3ca8255a11b2769fb6193cae9962370f4dba6397 (diff) | |
rename bugs/XSS_Alert...__33____33____33__.html to bugs/XSS_Alert...__33____33____33__.mdwn
Diffstat (limited to 'doc/bugs/XSS_Alert...__33____33____33__.mdwn')
-rw-r--r-- | doc/bugs/XSS_Alert...__33____33____33__.mdwn | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.mdwn b/doc/bugs/XSS_Alert...__33____33____33__.mdwn new file mode 100644 index 000000000..436e3faae --- /dev/null +++ b/doc/bugs/XSS_Alert...__33____33____33__.mdwn @@ -0,0 +1,29 @@ +Respected Sir, +Your website "webconverger.org" is vulnerable to XSS Attack. + +Vulnerable Links: +webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1 + +How To Reproduce The Vulnerability : +1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1 +2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload +3. forward the request + +XSS Payload : +1. "></script><script>prompt(909043)</script> +2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script> +3. "></script><script>prompt(document.cookie)</script> + +NOTE : Proof of concept is attached. + + +Thank You...!! + + +Your Faithfully, +Raghav Bisht +raghav007bisht@gmail.com + +> Thanks Raghav for reporting this issue. I've fixed it in ikiwiki. +> +> --[[Joey]] |
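Review bot: The three numbered lines under "XSS Payload :" are added as ordinary text, so once this file is a .mdwn page the `"></script><script>...` sequences reach the Markdown renderer as inline HTML, and whether they display literally depends entirely on whatever HTML sanitizing the wiki applies at render time. Indent those lines by four spaces or wrap each payload in backticks so they render as literal text regardless. The closing reply ("I've fixed it in ikiwiki.") names no commit or release, so a reference to the fixing change there would let readers check whether their installation includes it.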