So, the bug existed in the "Tumblr" option for adding your Tumblr blog to your profile on WBO!
It was not filtering the user input, and as a result we were able to execute JavaScript in your profile page, as you can see in the screenshot below.
STEPS TO REPRODUCE:
- Go to your User control panel
- Click on edit profile
- Add this code: "><img src="x" onerror=prompt(document.domain)>
- Go to your profile; the XSS will pop up
Moreover, the input was stored, so the site was also defaceable, and every time a user opens the page, the XSS will pop up!
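The fix for this class of bug, as an added example that is not WBO's actual code: the unfiltered rendering next to a version that validates the Tumblr value on input and encodes it on output. All function names are hypothetical, and it assumes the stored value is written into an href attribute on the profile page.

```javascript
// Added example: hypothetical profile renderer, not WBO's actual code.
// Assumption: the Tumblr value ends up inside an href attribute.

// Vulnerable form: the stored value is concatenated into the markup as-is.
function renderTumblrUnsafe(value) {
  return '<a href="' + value + '">Tumblr</a>';
}

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Validate on input: accept only a blog name or an https tumblr.com URL.
function normalizeTumblr(value) {
  const v = String(value).trim();
  if (/^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/i.test(v)) {
    return 'https://' + v.toLowerCase() + '.tumblr.com/';
  }
  let url;
  try { url = new URL(v); } catch (e) { return null; }
  const host = url.hostname.toLowerCase();
  if (url.protocol !== 'https:') return null;          // blocks javascript:, data:
  if (host !== 'tumblr.com' && !host.endsWith('.tumblr.com')) return null;
  if (url.username || url.password) return null;       // no user@host tricks
  return url.href;                                      // parser-normalized form
}

// Hardened form: validate first, then still encode at output time.
function renderTumblrSafe(value) {
  const url = normalizeTumblr(value);
  if (url === null) return '';                          // render nothing if invalid
  return '<a href="' + escapeHtml(url) + '" rel="nofollow noopener">Tumblr</a>';
}

// Constructed sample input: the payload from the steps above.
const payload = '"><img src="x" onerror=prompt(document.domain)>';
console.log(renderTumblrUnsafe(payload));  // markup breaks out of the attribute
console.log(renderTumblrSafe(payload));    // empty string, value rejected
console.log(renderTumblrSafe('https://example.tumblr.com/'));
```

Because the value is stored, encoding at output time also neutralizes entries that were saved before the input check existed.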
2 comments
Can you reach me hacking too???