# Date: 6.02.2012
# Author: Sony
# Software Link: http://springshare.com/libanalytics/
# Web Browser: Mozilla Firefox
# Blog: http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/libanalytics-springshare-cross-site.html
..................................................................
Well, we have an XSS in login.php, in the [Email] field.
Our XSS code:
http://codepad.org/LqL68vIQ
Demo:
https://libanalytics.com/login.php?iid=1
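The fix for this class of bug, as an added example that is not code from the original advisory or from LibAnalytics: it assumes login.php writes the submitted Email value back into the form's input tag, and all function and field names in it are hypothetical.

```php
<?php
// Added illustration: hypothetical re-rendering of the login form's Email
// field. Function and field names are assumptions, not LibAnalytics code.

// Vulnerable pattern: the submitted value is placed in the attribute as-is,
// so a quote in the input ends the attribute and the rest is parsed as markup.
function render_email_field_unsafe(string $email): string
{
    return '<input type="text" name="email" value="' . $email . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function render_email_field(string $email): string
{
    $safe = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $safe . '">';
}

// Server-side validation is a second layer, not a replacement for encoding:
// a value can pass or fail validation and must be encoded either way.
function is_plausible_email(string $email): bool
{
    return strlen($email) <= 254
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample input containing attribute-breaking characters.
$submitted = 'user"><b>x</b>@example.org';

// Unsafe output: the <b> element ends up outside the value attribute.
echo render_email_field_unsafe($submitted), "\n";

// Safe output: quotes and angle brackets are emitted as entities and stay
// inside the attribute value.
echo render_email_field($submitted), "\n";

// Validation result for the same input.
var_dump(is_plausible_email($submitted));
```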
Also, we can see who uses LibAnalytics by changing the iid value:
https://libanalytics.com/login.php?iid=1
https://libanalytics.com/login.php?iid=2
https://libanalytics.com/login.php?iid=3
https://libanalytics.com/login.php?iid=4
..
https://libanalytics.com/login.php?iid=100
https://libanalytics.com/login.php?iid=103
etc..