Monday, 26 March 2012

IFrame Injection/Cross Site Scripting Zoho Planner

# Exploit Title: IFrame Injection/Cross Site Scripting Zoho Planner
# Date: 26.03.2012
# Author: Sony and Flexxpoint

# Software Link: https://planner.zoho.com/login.do
# Web Browser : Mozilla Firefox
# Blog Flexxpoint: http://flexxpoint.blogspot.com/
# Blog Sony: http://st2tea.blogspot.com
# Site : http://insecurity.ro
# PoC:
http://st2tea.blogspot.com/2012/03/iframe-injection-zoho-planner.html
..................................................................

Well, we have a simple IFrame Injection in Zoho Planner. A lot of fields in Planner are vulnerable to IFrame Injection.

Some pics:



And we can share this page:



Links:

https://planner.zoho.com/public/9cFPJ%2B9AHivFeKtB5e%2B2xnTSQcOn7WCf

https://planner.zoho.com/public/9cFPJ%2B9AHivFeKtB5e%2B2xq%2BYywariZ7J

Video PoC: (simple)




And Cross Site Scripting:


Persistent XSS.

https://planner.zoho.com/public/umYocnKNsn3FeKtB5e%2B2xkj3SVhWUBnO


https://planner.zoho.com/public/umYocnKNsn3FeKtB5e%2B2xnTSQcOn7WCf

P.S. We can also see the IFrame Injection in the Zoho Bugtracker (change status).
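One way to close this class of bug when a stored field is rendered on a shared public page, as an added example that is not from the original post or from Zoho's code: the value is HTML-escaped at output, existing records are audited for active markup, and a Content-Security-Policy is sent as defence in depth. The function names, the record shape and the sample values are assumptions constructed for illustration.

```javascript
// Added example (not Zoho's code). Names and sample data are constructed.

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored field value is concatenated into the page as markup.
function renderItemUnsafe(item) {
  return '<li class="todo">' + item.title + '</li>';
}

// Hardened pattern: the stored value is always emitted as text, never as markup.
function renderItemSafe(item) {
  return '<li class="todo">' + escapeHtml(item.title) + '</li>';
}

// Audit helper: name the kinds of active markup present in a stored value.
function findActiveMarkup(value) {
  const checks = [
    ['iframe', /<\s*iframe\b/i],
    ['script', /<\s*script\b/i],
    ['event-handler', /<[^>]*\son\w+\s*=/i],
    ['javascript-url', /(?:href|src)\s*=\s*["']?\s*javascript:/i],
  ];
  return checks.filter(([, re]) => re.test(value)).map(([name]) => name);
}

// Run the audit over stored records and keep only those with findings.
function auditItems(items) {
  return items
    .map((it) => ({ id: it.id, findings: findActiveMarkup(it.title) }))
    .filter((r) => r.findings.length > 0);
}

// Response headers for the public page: even if markup slips through,
// frames and inline scripts are refused by the browser.
const PUBLIC_PAGE_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; frame-src 'none'; object-src 'none'",
  'X-Content-Type-Options': 'nosniff',
};

// Constructed sample records, standing in for rows already in the database.
const sampleItems = [
  { id: 1, title: 'Buy milk & bread' },
  { id: 2, title: '<iframe src="https://example.invalid/"></iframe>' },
  { id: 3, title: '<script>alert(1)</script>' },
];
```

Escaping at output is the fix; the audit only finds records that were stored before the fix and should be reviewed.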
