Well, it has been a long time, since i haven't posted any thing, i was a bit busy with my university exams, However, finally i managed to get some time to write something, Today i am sharing some of the vulnerabilites i found inside a popular website named "ifixit".
I found two XSS one was a Stored XSS and a second one was a Self XSS, However the Self-XSS could have been easily exploited by Clickjacking techniques as the page did not contain X-Frame options, Therefore the Self-XSS was also considered.
I have created a short POC of the Stored Cross Site Scripting vulnerability (XSS), I hope you enjoy it:
iFixit Stored Cross Site Scritping [Video POC]:
iFixit Self-XSS POC
For the above vulnerabilities, i was listed inside ifixit.com's responsible disclosure page:
Posts
![SQL Injection Basics - Union Based [Detailed Tutorial]](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjQpa2wuMB-m5CXPVf71GUOkfiIOQA8KTyQ-_zfAl0SZa23UBN1QJaO2ZMGRDZlmDJTYf2jJ4ik3Xnj1locc38Yv9l6VMxTWt32s86JtXtLABDn20DRuAcbLPKMb9m2hc6PDmjIjvU-us/s72-c/SQL-Injection-Attack.jpg)
No comments:
Post a Comment