5118 matches found
HackerOne: Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
Hi, I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the Cross-Origin-iframe being used by Marketo. This results in eavesdropping of the data being sent in the...
wunderground.com IFRAME Injection vulnerability
Vulnerable URL: https://www.wunderground.com/DisplayDisc.asp?DiscussionCode=BOX=MA=Boston" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 732 VIP website status:|...
Origin Null Vulnerability
rack-cors is vulnerable to an origin null vulnerability. When an iframe contains HTML code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers from sending null origins...
bu.edu IFRAME Injection vulnerability
Vulnerable URL: https://www.bu.edu/phpbin/lawyearbooks/results.php Details: Description| Value ---|--- Patched:| Yes, at 15.12.2017 Latest check for patch:| 15.12.2017 07:38 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 4258 VIP website status:| Y...
liveinternet.ru IFRAME Injection vulnerability
Vulnerable URL: http://www.liveinternet.ru/search/?q=test-2===" XANY Details: Description| Value ---|--- Patched:| Yes, at 12.09.2017 Latest check for patch:| 12.09.2017 11:05 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1054 VIP website status:|...
statecollege.com IFRAME Injection vulnerability
Vulnerable URL: http://www.statecollege.com/search/results.php?SearchString=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 238627 VIP website status:| No...
cxc.harvard.edu IFRAME Injection vulnerability
Vulnerable URL: http://cxc.harvard.edu/vguide/details.php?agascid='" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| ...
find.medinfo.ufl.edu IFRAME Injection vulnerability
Vulnerable URL: https://find.medinfo.ufl.edu/dosearch.php?name=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...
cne.gov.co IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-213274 Description| Value ---|--- Affected Website:| cne.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
presscouncil.az IFRAME Injection vulnerability
Vulnerable URL: http://www.presscouncil.az/az/search.php?query= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 2227385 VIP website status:| No Coordinated...
androidappsgame.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-213269 Description| Value ---|--- Affected Website:| androidappsgame.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
appsonplaystore.com IFRAME Injection vulnerability
Vulnerable URL: https://appsonplaystore.com/search?q=" XANY Details: Description| Value ---|--- Patched:| Yes, at 17.02.2017 Latest check for patch:| 17.02.2017 05:01 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 641759 VIP website status:| No...
girly.today IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-213267 Description| Value ---|--- Affected Website:| girly.today Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
primeteensex.com IFRAME Injection vulnerability
Vulnerable URL: http://www.primeteensex.com/search.php?sq= XANY Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:21 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 18728 VIP website status:| Yes...
jet.com.br IFRAME Injection vulnerability
Vulnerable URL: http://www.jet.com.br/pagamento/bradesco/falha.asp?ErrorDesc=" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 306123 VIP website status:| No Check...
memorials.com IFRAME Injection vulnerability
Vulnerable URL: http://www.memorials.com/index.php/fuseaction/home.search.php?searchstring=" XANY Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:16 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa...
etudiant.gouv.fr IFRAME Injection vulnerability
Vulnerable URL: http://www.etudiant.gouv.fr/rid16/toutes-les-actualites.rss?id=" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 22331 VIP website status:| Yes Check etudiant.gouv.fr SSL connection:|...
nzfood.com.my IFRAME Injection vulnerability
Vulnerable URL: http://www.nzfood.com.my/productinfo.php?id=11" XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 8702114 VIP website status:| No Check nzfood.com.my...
crafthouseindia.com IFRAME Injection vulnerability
Vulnerable URL: http://www.crafthouseindia.com/search.php?skeywords= XANY Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 839315 VIP website status:| No Check...
pdfstuff4u.com IFRAME Injection vulnerability
Vulnerable URL: http://pdfstuff4u.com/search.php?q= XANY Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:25 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 276962 VIP website status:| No Check...