Created
April 11, 2017 00:20
Naviance CSRF+XSS / proof of concept
It uses CSRF to make a new TODO note and set the name of it to an XSS payload. Then, it makes an iframe to load the page that lists the TODOs so that the payload is executed.
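The chain described above needs three things to be missing on the server: a CSRF check on the request that creates a TODO, output encoding where TODO names are listed, and a framing restriction on that listing page. The following is an added defensive example, not code from this gist or from Naviance; the handler names, the in-memory stores and the sample TODO name are assumptions constructed for illustration.

```python
import hmac
import html
import secrets

# Hypothetical in-memory stand-ins for a session store and the TODO table.
SESSIONS = {}  # session id -> per-session CSRF token
TODOS = []     # TODO names, stored exactly as submitted

def new_session():
    """Create a session and its CSRF token (synchronizer-token pattern)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def create_todo(sid, form):
    """Handle the state-changing POST and return an HTTP status code."""
    expected = SESSIONS.get(sid)
    supplied = str(form.get("csrf_token", ""))
    # A cross-site form post carries the user's session cookie but cannot read
    # the token, so it is rejected before anything is written.
    if expected is None or not hmac.compare_digest(
            expected.encode(), supplied.encode()):
        return 403
    TODOS.append(str(form.get("name", ""))[:200])
    return 201

def render_todos():
    """Render the TODO listing page and return (headers, body)."""
    # Encode on output so a stored name is displayed as text, never as markup.
    items = "".join(f"<li>{html.escape(n, quote=True)}</li>" for n in TODOS)
    headers = {
        # Refuse framing by other origins and disallow inline script.
        "Content-Security-Policy": "frame-ancestors 'self'; script-src 'self'",
        "X-Frame-Options": "SAMEORIGIN",
    }
    return headers, f"<ul>{items}</ul>"

if __name__ == "__main__":
    sid = new_session()
    sample = "<script>alert(1)</script>"  # constructed sample name
    print(create_todo(sid, {"name": sample}))  # no token supplied
    print(create_todo(sid, {"name": sample, "csrf_token": SESSIONS[sid]}))
    print(render_todos())
```

Each control breaks a different link, so all three are worth having: the token check stops the forged write, the encoding neutralises any name that was already stored, and the framing headers stop another origin from loading the listing in an iframe.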