From ed200f20391ca9553b0e722f7938aeb2870e2e33 Mon Sep 17 00:00:00 2001 From: "https://www.google.com/accounts/o8/id?id=AItOawkl0wS6X0mzN8lb-SFh3ajLB-7ezwfwyTw" Date: Tue, 24 Mar 2015 01:51:44 -0400 Subject: [PATCH] --- doc/bugs/XSS_Alert...__33____33____33__.html | 25 ++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 doc/bugs/XSS_Alert...__33____33____33__.html diff --git a/doc/bugs/XSS_Alert...__33____33____33__.html b/doc/bugs/XSS_Alert...__33____33____33__.html new file mode 100644 index 000000000..24a1a3af0 --- /dev/null +++ b/doc/bugs/XSS_Alert...__33____33____33__.html @@ -0,0 +1,25 @@ +Respected Sir, +Your website "webconverger.org" is vulnerable to XSS Attack. + +Vulnerable Links: +webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1 + +How To Reproduce The Vulnerability : +1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1 +2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload +3. forward the request + +XSS Payload : +1. "> +2. "> +3. "> + +NOTE : Proof of concept is attached. + + +Thank You...!! + + +Your Faithfully, +Raghav Bisht +raghav007bisht@gmail.com