his is a serious security issue, with potential implications that are only starting to be understood. However, it is critical to realize that this problem does not expose any way to break into the server itself. What it allows is for malicious attackers to potentially take control of the interaction between a user and a website. It is likely that the most serious thing that an attacker can potentially do in this situation is change how a page appears to a particular user.
Vulnerable Link : http://mitnicksecurity.com/workshop_signup.php
Vulnerable Textbox : strEmail is not filtered some html tags in textbox
Method: Post
Example payload: /"><iframe onload=alert(document.cookie)>
No comments:
Post a Comment