XSS vulnerability in PhotoBucket and SecurityXploded

Sponsored Links
A Security Researcher kuksool from n0careteam, has identified Cross site scripting security flaw in two famous websites, Photobucket and SecurityXploded.

POC for photobucket [unfixed]:
*Load http://photobucket.com/plugin/search
* Enter the following code and hit enter:
 " onload=alert('xss!')>click me!"



POC for SecurityXploded [FIXED]:
*Load http://securityxploded.com
* Enter the following code and hit enter:
 " onload=alert('xss!')>click me!"

The researcher claimed to have reported to PhotoBucket team. Let us hope they will fix the vulnerability soon.

After i sent notification to SecurityXploded, they fixed the vulnerability immediately.
Category: /

Share this with Your friends:


About Author

, founder of E Hacking News, an Information Security enthusiast who has more interest in PenTesting and Malware analysis. You can find him on Google+ Profile , Twitter and Facebook.