Faizann20 Posted January 4, 2015 Report Share Posted January 4, 2015 Hi, I am a bit of a security researcher (not a professional though). I was just testing the site when I came across this flaw. I want to report it to the team. They won't read the email seriously, any other method? Link to comment Share on other sites More sharing options...
N4TE_B Posted January 4, 2015 Report Share Posted January 4, 2015 We appreciate you letting us know about potential security issues. From what I can draw from your report, the xss alert is showing up via a script you are running to monitor your browser for this kind of potential security vulnerability. Is the "xss_by_Faizan" your own script, hence the name association with your forum handle? I'll definitely let the appropriate team know, and again we appreciate you flagging this. As you've redacted the URL, I assume you are on the BitTorrent Client Help Center, and from the fragment I can see, it looks like you are looking at a specific article. Would you mind dropping in the URL, and letting us know whether it's just this page or the whole Help Center site? Awesome, thanks! Link to comment Share on other sites More sharing options...
Faizann20 Posted January 6, 2015 Author Report Share Posted January 6, 2015 Thanks for the reply.Actually, what I did was that I rated the page then I copied the source code of the image, pasted it in a text file, converted it into html and then opened that file from the computer. And there was this pop-up, not what I can do with this flaw is that I can upload that html file somewhere, craft a url with that file and makes someone open it, whenever someone will open it, the pop-up will be there. Its not exactly the flaw on the site, its a bit indirect but it's still affecting it. As it can leads to user cookies, session ids etc I didn't use any script, just a simple code. ThanksFaizan Ahmad It can effect almost every article. Again stating that it's a bit indirect exploitation. The image is attached. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.