Zaption: XSS during presentation

It is possible for a presenter to xss a viewer Video attached: Recreation steps Create publish lesson and start a presentation join presentation in another browser Select "Quick question" Open response Insert the question asdf" The Javascript will fire on the presenter's side and the viewers side...

Zaption: Cheating at gallery rating

Hello! Example: http://www.zaption.com/listing/55aba5719c77e5386eb28df0 We can rate tour any mark by POST http://www.zaption.com/ajax/gallery/listing/tourid/rate/mark For example: POST http://www.zaption.com/ajax/gallery/listing/55aba5719c77e5386eb28df0/rate/100000000000000000 So, we have "curve"...

Zaption: Open redirect filter bypass

Hi , An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. its possible to bypass your redirect filter using :...

Zaption: Using GET method for account login with CSRF token leaking to external sites Via Referer.

HI At the time of login, the values are present in URL along with the CSRF token. Also this URL is leaking to external sites in HTTP REFRERER. Here are some of those sites: dxzc9stvaxhhy.cloudfront.net bam.nr-data.net ssl.google-analytics.com usage.trackjs.com api.mixpanel.com...

Zaption: XSS - Gallery Search Listing

HI. If you upload video having title with XSS payload. and search for the video, the dropdown listing will execute the payload. https://www.zaption.com/gallery/search?q=%3E%3Cimg I need not to upload the payload, I utilized already uploaded videos. You can also execute the payload by just start...

Zaption: [zaption.com] Open Redirect

PoC: http://zaption.com///www.google.com/%2f%2e%2e HTTP Response: HTTP/1.1 303 See Other Access-Control-Allow-Origin: Content-Type: text/html; charset=utf-8 Date: Wed, 28 Jan 2015 11:10:52 GMT Location: //www.google.com/%2f%2e%2e/...