Thursday, February 13, 2014

Stored XSS Segment.io [HoF, Fixed, T-Shirt]

Hi all! This time I am going to post one of the multiple XSSs that I found in Segment.io (segment.io).
This was one of the easiest XSSs that I have ever found.
To reproduce it:
  1. Go to the sign up form.
  2. Create a new user with random values, but type your XSS payload inside of the "Full Name" field.
  3. Click on the "Create a new free account" button.
  4. You'll get your XSS alert.
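For defenders, the pattern behind these steps (a "Full Name" value stored at signup and later written into a page without encoding) can be shown next to its fix. This is an added example, not code from the original post or from Segment.io; the function names, the in-memory store and the sample inputs are all constructed for illustration.

```javascript
// Added example. All names are hypothetical; the Map stands in for the user database.
const users = new Map();

// Defence in depth at signup: letters, combining marks, spaces and . ' - only, 1-100 chars.
const NAME_RE = /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,99}$/u;
function isValidFullName(name) {
  return typeof name === 'string' && NAME_RE.test(name.normalize('NFC'));
}

// Stores the "Full Name" value; `validate` toggles the input check.
function signup(email, fullName, validate) {
  if (validate && !isValidFullName(fullName)) return false;
  users.set(email, { fullName });
  return true;
}

// Primary control: encode for the HTML element/attribute context at output time.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is concatenated into markup as-is.
function renderVulnerable(email) {
  return `<h1>Welcome, ${users.get(email).fullName}</h1>`;
}

// Hardened: same template, stored value encoded first.
function renderHardened(email) {
  return `<h1>Welcome, ${escapeHtml(users.get(email).fullName)}</h1>`;
}

// Constructed sample inputs.
const markupName = '<script>alert(1)</script>';
signup('a@example.test', markupName, false);      // accepted as-is, the behaviour the post describes
signup('b@example.test', "Conan O'Brien", true);  // legitimate name containing an apostrophe

console.log(renderVulnerable('a@example.test')); // markup reaches the page intact
console.log(renderHardened('a@example.test'));   // rendered as inert text
console.log(renderHardened('b@example.test'));   // apostrophe kept, but encoded
console.log(signup('c@example.test', markupName, true)); // rejected at signup
```

The apostrophe case is why output encoding is the primary control: a name validator has to let some characters through that are still significant in HTML.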
I must say this: I really appreciate their Security Team guys!
Their security page with my name listed: https://segment.io/security-response

Proof of Concept and T-Shirt picture:

Kind regards!
