Search This Blog

Powered by Blogger.

Blog Archive

Labels

Metasploit website vunerable to Cross-site Scripting (XSS)


Security Researcher Fabián Cuchietti come with a Interesting xss vulnerability,he found Cross site scripting vulnerability in the Metasploit official website .

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own

"Microsoft Security Bulletin ID" field in the Exploits and Auxiliary Modules page vulnerable to XSS attack.  It seems that even Security giant make mistakes often.

Poc:
http://www.metasploit.com/modules/framework/search?bid=1&cve=1&msb=%F6%22%20onmouseover%3Dprompt%281111%29%20%2F%2F&osvdb=1&text=1&utf8=%C3%A2%C5%93%E2%80%9C

Share it:

Breaking News

Vulnerability

XSS Vulnerability