Detailed information
The domain check function on the http://nic.az site has an XSS vulnerability. To exploit it, the "Upper-Case" output has to be bypassed. Using BurpSuite or some other proxy tool, change the "domain" parameter to the PoC code we give below.
PoC:
<a/href="javascript:alert(0)">Click ME!!!!!</a>
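The report notes that the reflected "domain" value is upper-cased on output. The following is an added example, not part of the original report and not nic.az's code, showing why that transform is not a defence (HTML tag names, attribute names and URL schemes are case-insensitive) and what a hardened echo of the parameter looks like. The function names and the surrounding `<p>` markup are assumptions made for illustration.

```javascript
// Hypothetical handler logic for a domain-check page (assumed, not the site's code).

// One DNS label: letters, digits, inner hyphens, 1-63 characters.
const LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

// Accept only syntactically valid host names (max 253 characters overall).
function isValidDomain(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 253) {
    return false;
  }
  return input.split(".").every((label) => LABEL.test(label));
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Weak: upper-casing changes letters only; markup characters pass through.
function renderWeak(domain) {
  return `<p>Result for ${domain.toUpperCase()}</p>`;
}

// Hardened: reject anything that is not a host name, and encode whatever is echoed.
function renderHardened(domain) {
  const shown = escapeHtml(String(domain).toUpperCase());
  return isValidDomain(domain)
    ? `<p>Result for ${shown}</p>`
    : `<p>Invalid domain name: ${shown}</p>`;
}

// Sample input: the PoC string from the report above.
const sample = '<a/href="javascript:alert(0)">Click ME!!!!!</a>';

console.log(renderWeak(sample));      // markup survives the upper-casing
console.log(renderHardened(sample));  // markup is rendered as inert text
```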
Comments
- 02 November 2016, 13:16
Vulnerability status
No information has been received from the source
- 04 October 2016, 10:03
Added point to Vulnerability
Gave 6 points to the translator for translating the bug
- 04 October 2016, 10:03
Added point to Vulnerability
Gave 1 point to the translator for translating the bug
- 14 September 2016, 10:47
Vulnerability status
Sent an e-mail to the source about the vulnerability
- 11 September 2016, 13:39
Added point to Vulnerability
Moderator gave the vulnerability 6 points out of 10
- 11 September 2016, 13:37
Vulnerability status
Confirmed by Moderator
- 08 September 2016, 16:20
Vulnerability added
Vulnerability added to BUGemot