Computing Tips and News: XSS vulnerability in PhotoBucket and SecurityXploded

A Security Researcher kuksool from n0careteam, has identified Cross site scripting security flaw in two famous websites, Photobucket and SecurityXploded.

POC for photobucket [unfixed]:
*Load http://photobucket.com/plugin/search
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"

POC for SecurityXploded [FIXED]:
*Load http://securityxploded.com
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"

The researcher claimed to have reported to PhotoBucket team. Let us hope they will fix the vulnerability soon.

After i sent notification to SecurityXploded, they fixed the vulnerability immediately

Computing Tips and News

GET the NEW Apple iPhone 5 with your participation!

Tuesday, February 12, 2013

XSS vulnerability in PhotoBucket and SecurityXploded

No comments:

Post a Comment

Take a $1,000 Shopping Spree at Walmart with your participation!

WIN a $1,000 Visa Gift Card with your participation!