marți, 7 februarie 2012

SeedWiki Cross Site Scripting

# Exploit Title: SeedWiki Cross Site Scripting
# Date: 8.02.2012
# Author: Sony
# Software Link: http://www.seedwiki.com/
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/seedwiki-cross-site-scripting.html
..................................................................

Well, we have xss in SeedWiki, in the login form or registration form.

Put our xss code :

http://codepad.org/LqL68vIQ

in the password or email or what you want and click button enter.

It's a Post Method.

Demo:

http://www.seedwiki.com/account.cfm?return_wiki=seed_wiki&return_page=seed_wiki

http://tinyxp.com/account.cfm?return_wiki=tiny_xp&return_page=tiny_xp

Publicat de Sony la 20:47
Etichete: ,

0 comentarii:

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.