
Found A Security Flaw - Xss



We appreciate you letting us know about potential security issues.


From what I can draw from your report, the XSS alert is showing up via a script you are running to monitor your browser for this kind of potential security vulnerability. Is "xss_by_Faizan" your own script, hence the name association with your forum handle?


I'll definitely let the appropriate team know, and again we appreciate you flagging this.


As you've redacted the URL, I assume you are on the BitTorrent Client Help Center, and from the fragment I can see, it looks like you are looking at a specific article. Would you mind dropping in the URL, and letting us know whether it's just this page or the whole Help Center site?


Awesome, thanks!


Thanks for the reply.

Actually, what I did was that I rated the page, then I copied the source code of the image, pasted it in a text file, converted it into HTML and then opened that file from the computer. And there was this pop-up. Now what I can do with this flaw is that I can upload that HTML file somewhere, craft a URL with that file and make someone open it; whenever someone opens it, the pop-up will be there. It's not exactly the flaw on the site, it's a bit indirect, but it's still affecting it, as it can lead to user cookies, session IDs etc. :) I didn't use any script, just simple code.



Faizan Ahmad


It can affect almost every article. Again, stating that it's a bit indirect exploitation. The image is attached.







This topic is now archived and is closed to further replies.
