Kartier Pohs

Saturday, August 22, 2015

Cross site scripting Vulnerability in Eset

This is my first finding in bug hunting. I found a cross-site scripting vulnerability on Eset's website.
So here I am going to share the POC of this vulnerability with you. It will help you understand the concepts of this vulnerability, and you will learn how to find and reproduce it. Below are the steps to reproduce the vulnerability.

[+]Website: http://eset.com.np
[+]Vulnerable link : http://eset.com.np/inquiry/
[+]Vulnerability Type: XSS(Cross site scripting)
[+]Payload used:  "/><img src=x onerror=prompt(1)>
[+]Status: Patched

Reproduction Steps :
1-  Go to http://eset.com.np/inquiry/
2-  In the "First Name" and "Last Name" fields, use the above payload (make sure to type it manually).
3-  Fill all other fields with rough details.
4-  Click on the Submit Query button.
5- You will get the "popup box" generated by XSS.
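
The post does not show the page's markup or the fix. As an added example (not the site's code), the sketch below assumes the form echoed the submitted name into a double-quoted `value` attribute, and shows why the payload above breaks out of that attribute and how attribute-context HTML encoding keeps it as inert data. The field name `first_name` and all helper functions are hypothetical.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the post.
PAYLOAD = '"/><img src=x onerror=prompt(1)>'

def render_unsafe(first_name):
    # Assumed vulnerable pattern: raw input concatenated into a quoted attribute.
    return '<input type="text" name="first_name" value="' + first_name + '">'

def render_safe(first_name):
    # Fix: encode for HTML attribute context; quote=True also encodes " and '.
    return ('<input type="text" name="first_name" value="'
            + html.escape(first_name, quote=True) + '">')

class TagCollector(HTMLParser):
    """Records each start tag with its attributes as the parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def injected_markup(markup):
    """Return (tag, attr) findings: any element other than the expected
    <input>, and any on* event-handler attribute on any element."""
    findings = []
    for tag, attrs in parsed_tags(markup):
        if tag != "input":
            findings.append((tag, None))
        findings.extend((tag, name) for name in attrs if name.startswith("on"))
    return findings

if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        out = render(PAYLOAD)
        print(label, out, injected_markup(out), sep="\n  ")
```

The same parse-and-check function can serve as a regression test for any template that reflects form input.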

Snap Shot :
[Image: Cross site scripting Vulnerability in Eset]

Copyright 2015 @ Yogesh Prasad