This is my first finding in bug hunting. I found a cross-site scripting vulnerability on Eset's website.
So here I am going to share the POC of this vulnerability with you. It will help you understand the concepts of this vulnerability, and you will learn how to find and reproduce it. Below are the steps to reproduce the vulnerability.
[+] Website: http://eset.com.np
[+] Vulnerable link: http://eset.com.np/inquiry/
[+] Vulnerability Type: XSS (cross-site scripting)
[+]Payload used: "/><img src=x onerror=prompt(1)>
[+]Status: Patched
Reproduction Steps:
1- Go to http://eset.com.np/inquiry/
2- In the "First Name" and "Last Name" fields, use the above payload (make sure to type it manually).
3- Fill all other fields with rough details.
4- Click on the Submit Query button.
5- You will get the "popup box" generated by XSS.
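Why the payload fires, and what the fix looks like, as an added example that is not part of the original post and is not the site's code: it assumes the form echoed the submitted name back into a quoted `value` attribute, and all function names are hypothetical.

```javascript
// Added example: hypothetical form rendering, not the site's real code.
// Payload string as given in the write-up.
const PAYLOAD = '"/><img src=x onerror=prompt(1)>';

// Vulnerable pattern (assumed): the submitted value is pasted straight
// into a double-quoted attribute, so a leading `"` ends the attribute
// and `/>` ends the <input> tag. Everything after that is new markup.
function renderUnsafe(firstName) {
  return `<input type="text" name="first_name" value="${firstName}">`;
}

// Output encoding: replace the characters that can change HTML context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: same template, value encoded at output time.
function renderSafe(firstName) {
  return `<input type="text" name="first_name" value="${escapeHtml(firstName)}">`;
}

// Minimal tag scanner for this demo: returns the element names present
// in the markup, treating quoted attribute values as opaque.
function tagNames(html) {
  const names = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)(?:"[^"]*"|'[^']*'|[^'">])*>/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Unsafe output contains an extra <img> element carrying the onerror handler;
// safe output contains only the <input>, with the payload as inert text.
console.log(renderUnsafe(PAYLOAD), tagNames(renderUnsafe(PAYLOAD)));
console.log(renderSafe(PAYLOAD), tagNames(renderSafe(PAYLOAD)));
```

The encoding has to be applied wherever the value is written into HTML, which for this form means both the "First Name" and "Last Name" fields.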