XenForo
Administrative
- Thread starter
- Admin
- #1
Hi, recently, I found an XSS vulnerability on one of the Russian-language forums. After several hours of research, the following was clear:
1. The forum where this vulnerability was noticed did not filter href. Therefore, it was possible to substitute the following script:
JavaScript:
javascript:alert(document.cookie)
It was successfully triggered. This allows you to intercept the cookies of other users.
2. This vulnerability was also noticed on the official forum. I was able to...
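The unfiltered href described in the post is closed by an allowlist on the link's scheme. The following is an added example, not code from the post or from XenForo: it parses the value the way a browser would before checking the scheme. `BASE`, `ALLOWED_PROTOCOLS`, `safeHref`, `escapeHtml` and `renderLink` are hypothetical names, and `forum.example` is a placeholder host.

```javascript
// Added example: scheme allowlist for user-supplied link targets.
// BASE and ALLOWED_PROTOCOLS are assumptions, not values from any forum software.
const BASE = "https://forum.example/";
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Returns a normalised absolute URL, or null if the link must not be rendered.
function safeHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser normalises input as a browser does when following
    // a link: it trims leading/trailing control characters and spaces, drops
    // embedded tabs and newlines, and lowercases the scheme. Checking the
    // parsed protocol avoids string comparisons that miss those variants.
    url = new URL(raw, BASE);
  } catch {
    return null; // unparsable input is rejected, not passed through
  }
  // Allowlist, not blocklist: javascript:, data:, vbscript: and any
  // scheme not listed here are all refused.
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Escape text for use in HTML content or a double-quoted attribute.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Render a user-supplied link; rejected targets degrade to plain text.
function renderLink(rawHref, label) {
  const href = safeHref(rawHref);
  const text = escapeHtml(label);
  if (href === null) return `<span>${text}</span>`;
  return `<a href="${escapeHtml(href)}" rel="nofollow noopener">${text}</a>`;
}
```

Marking the session cookie `HttpOnly` keeps it out of `document.cookie`, which limits what a script can read if a filter like this is ever missed.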