Saturday, January 14, 2012

XSS vulnerability reported in Yahoo subdomain website

 

Vansh Sharma and Vaibhuv Sharma from India reported another important cross-site scripting (XSS) vulnerability in a Yahoo subdomain, as shown.

Vulnerable Link : http://au.tv.yahoo.com/plus7/royal-pains/

Proof of Concept : Search for <img src="<img src=search"/onerror=alert("XSS")//"> in the box.

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users.
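The fix for this class of bug is to encode the search term before it is written back into the page. The sketch below is an added example, not Yahoo's code: the function names and the page template are hypothetical, and the only input is the search string quoted in the proof of concept above.

```javascript
// Added illustration; not code from the affected site. Names are hypothetical.

// Input under test: the search string quoted in the post's proof of concept.
const POC = '<img src="<img src=search"/onerror=alert("XSS")//">';

// Encode the five characters that can change the HTML parsing context,
// so the value is safe in element text and in a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the search term is reflected unchanged into both a
// quoted attribute and the element body.
function renderSearchUnsafe(term) {
  return `<form><input name="q" value="${term}"></form>` +
         `<p>Results for ${term}</p>`;
}

// Hardened pattern: the same template, with the term encoded on output.
function renderSearchSafe(term) {
  const safe = escapeHtml(term);
  return `<form><input name="q" value="${safe}"></form>` +
         `<p>Results for ${safe}</p>`;
}

// Crude structural check: count the places where the HTML opens a tag.
// If user input can raise this number, it is being parsed as markup.
function countTagOpeners(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// The template itself opens three tags: form, input, p.
const baseline = countTagOpeners(renderSearchSafe('royal pains'));

console.log('baseline tags :', baseline);
console.log('unsafe + PoC  :', countTagOpeners(renderSearchUnsafe(POC)));
console.log('safe + PoC    :', countTagOpeners(renderSearchSafe(POC)));
console.log(renderSearchSafe(POC));
```

With encoding applied, the tag count stays at the template's baseline no matter what is typed into the box, which makes the same check usable as a regression test.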
