This site uses cookies. In order to read how we handle cookies please click here. Click on this message to accept and hide.
Перейти вверх
English, United Kingdom Svenska, Sverige
RSS
3.147.73.35.US.SSL
Новости Новости Работа Работа Сеть Сеть Форум Форум Галерея Галерея Хаблист Хаблист Инструменты Инструменты Статистика Статистика О нас О нас Войти Войти

Webroot's polish online shop vulnerable to the same XSS for 5 years

I discovered XSS vulnerability on Webroot's polish online shop 5 years ago. Today I thought that maybe I should check whether they learn from past mistakes. I have checked the same page: http://wrpolska.pl/sklep/search.php and it turned out to be still vulnerable to the same XSS I found 5 years ago...

PoC:

Код
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>

Код
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>

XSS
XSS


Webroot has an article on their website titled: What exactly is Cross Site Scripting (XSS). Maybe it's time to use knowledge from this article to protect yourself?

Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
Написано Neo в 2018-11-08 21:50 3 likes

Комментарии

There are no comments for this news article, you can leave one here.
← AirDC++ 3.52 | FlylinkDC++ r504 →
3.147.73.35.US.SSL Авторские права © 2002-2024 Team Elite ⋅ Все права защищены ⋅ КукиПомощьСвязь 2 740 1190