StopTheHacker: XSS Reflected - https://www.stopthehacker.com/

2014-04-22T16:57:52
ID H1:9148
Type hackerone
Reporter dekeeu
Modified 2014-08-08T18:06:03

Description

Hi.

I want to report a Reflected xss vulnerability that I found in www.stopthehacker website and which can affect the safety of your users. This vulnerability allows an attacker to inject in web pages javascript content for sending malicious scripts to an unsuspecting user. This flaw can access any cookies, session tokens, or other sensitive information retained by victim's browser and used with that site. This flaw works only in IE browser.

Link: http://www.stopthehacker.com/?"><script>alert(document.cookie)</script> Steps for reproduce this vulnerability: Open the link above in IE and you can see that my javascript function alert() was executed.

Regards, Coltuneac Alexandru