diff options
Diffstat (limited to 'doc/bugs/XSS_Alert...__33____33____33__.html')
| -rw-r--r-- | doc/bugs/XSS_Alert...__33____33____33__.html | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.html b/doc/bugs/XSS_Alert...__33____33____33__.html new file mode 100644 index 000000000..24a1a3af0 --- /dev/null +++ b/doc/bugs/XSS_Alert...__33____33____33__.html @@ -0,0 +1,25 @@ +Respected Sir, +Your website "webconverger.org" is vulnerable to XSS Attack. + +Vulnerable Links: +webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1 + +How To Reproduce The Vulnerability : +1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1 +2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload +3. forward the request + +XSS Payload : +1. "></script><script>prompt(909043)</script> +2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script> +3. "></script><script>prompt(document.cookie)</script> + +NOTE : Proof of concept is attached. + + +Thank You...!! + + +Your Faithfully, +Raghav Bisht +raghav007bisht@gmail.com |