
XSS on User field

Open DinisCruz-QA opened this issue 12 years ago • 0 comments

Cross-site scripting payloads can be placed in the username field:

payload inserted: image

payload executed (after payload inserted): image

payload executed (on victim's browser): image

for reference see:

  • https://vulnerabilities.teammentor.net/article/Cross_Site_Scripting_Attack
  • https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
  • http://beefproject.com/

DinisCruz-QA, Oct 19 '13 18:10
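The class of fix for the issue reported above, as an added example that is not part of the original issue and not code from docpad-skeleton-nodechat: a chat renderer that concatenates the username into markup, next to a version that escapes it at output and also checks the name when the user joins. The function names, the 32-character limit and the allowed character set are assumptions, and the sample usernames are constructed.

```javascript
// Added example: hypothetical helpers, not taken from docpad-skeleton-nodechat.

// Escape the five characters that are significant in HTML text nodes
// and in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input check when a user joins (assumed policy): 1-32 letters, digits,
// space, underscore, dot or hyphen. NFKC folds look-alike forms such as
// fullwidth '<' to their ASCII form before the check.
// Returns the cleaned name, or null when the name is rejected.
function validateUsername(raw) {
  if (typeof raw !== 'string') return null;
  const name = raw.normalize('NFKC').trim();
  return /^[\p{L}\p{N} _.-]{1,32}$/u.test(name) ? name : null;
}

// Vulnerable pattern: user-controlled fields concatenated into markup,
// so whatever is in the username is parsed as HTML by every recipient.
function renderMessageUnsafe(user, text) {
  return '<li><b>' + user + '</b>: ' + text + '</li>';
}

// Hardened pattern: every user-controlled field is escaped at output,
// regardless of what validation happened earlier.
function renderMessage(user, text) {
  return '<li><b>' + escapeHtml(user) + '</b>: ' + escapeHtml(text) + '</li>';
}

// Constructed sample usernames: two ordinary names, one markup string, one empty.
const SAMPLE_USERS = ['alice', 'Zoë_42', '<img src=x onerror=alert(1)>', ''];

function demo() {
  return SAMPLE_USERS.map((u) => ({
    input: u,
    accepted: validateUsername(u) !== null,
    unsafe: renderMessageUnsafe(u, 'hi'),
    safe: renderMessage(u, 'hi'),
  }));
}

console.log(demo());
```

Output escaping is the control that closes the bug; the join-time check only narrows what can be stored and should not be relied on alone.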