Hi guys, this is my first blog post; if I do something wrong, forgive me. I am going to show one of my interesting findings, which I found when I was new to the security field. I'm still new and try to learn new things every day.

I found a persistent cross-site scripting issue in a website. I cannot tell you the website's name; I hope you will not mind. In this web application, FirstName and LastName were vulnerable, but when I entered a payload in an input field and saved, the payload did not execute.

I saw that the FirstName and LastName were shown above, and then something came to my mind: I entered half of the payload in the FirstName field and the other half in the LastName field. The whole payload was combined and shown above, and guess what, this time it executed.

Below is the POC....
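For developers reading this, the example below is added and is not part of the original post or the affected site's code: it shows why checking FirstName and LastName one at a time misses markup that only exists once the two values are joined, and how encoding at the point of output closes the gap. The per-field filter, the function names and the harmless sample values are assumptions; the post does not say what the site actually did.

```javascript
// Added example. The filter and sample values are constructed assumptions;
// only the field names (FirstName, LastName) come from the post.

// Hypothetical per-field input check: flags a value only if it holds a complete tag.
function looksLikeMarkup(value) {
  return /<[^>]*>/.test(value);
}

// Vulnerable sink: both stored fields are joined and written out as raw HTML.
function renderHeaderUnsafe(user) {
  return `<span class="name">${user.firstName} ${user.lastName}</span>`;
}

// Encode the five HTML-significant characters for use in element content.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened sink: every stored value is encoded where it is written,
// so it does not matter how the pieces line up after concatenation.
function renderHeaderSafe(user) {
  return `<span class="name">${escapeHtml(user.firstName)} ${escapeHtml(user.lastName)}</span>`;
}

// Constructed, harmless sample: neither half is a complete tag on its own.
const sample = { firstName: '<b title="', lastName: '">name' };

function report(user) {
  return {
    firstFlagged: looksLikeMarkup(user.firstName),           // per-field view
    lastFlagged: looksLikeMarkup(user.lastName),             // per-field view
    combinedFlagged: looksLikeMarkup(`${user.firstName} ${user.lastName}`),
    unsafeHtml: renderHeaderUnsafe(user),
    safeHtml: renderHeaderSafe(user),
  };
}

console.log(report(sample));
```

The takeaway for a fix is to encode at the sink for the output context rather than rely on input checks applied to each field separately.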



