Wednesday, April 9, 2014

Ludei [Stored XSS]

Hello all! Sorry about the inactivity, but until the middle of May I will be taking my final exams, so I can hardly write...

This time I want to publish a Stored XSS which I found in the Ludei platform. I reported it via Twitter (I have not found any security mail): https://twitter.com/migueljimeno96/status/453960792220528640
Status: FIXED
Ludei says "we love HTML5", but they do not love their security ;)
To reproduce the vulnerability:
1. Create a new project.
2. Type your payload in the "project name" field.
3. As always... all the rest are random values.
4. XSS!

We have our XSS.
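
The usual fix for a stored XSS in a field like the project name is to encode the stored value every time it is written into a page. The following is an added example, not Ludei's code and not part of the original report; the function names, the markup and the sample project names are assumptions constructed for illustration.

```javascript
// Added example: hypothetical names and markup, not Ludei's code.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored name is concatenated into the markup unchanged, so tags
// inside it become part of the page for every user who views the project.
function renderProjectUnsafe(project) {
  return '<li class="project" title="' + project.name + '">' + project.name + '</li>';
}

// After: the name is encoded at output time in both places it is written.
function renderProjectSafe(project) {
  const name = escapeHtml(project.name);
  return '<li class="project" title="' + name + '">' + name + '</li>';
}

// Count tag openings/closings in rendered output; a project row should always have 2.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z]/g) || []).length;
}

// Constructed sample data: one ordinary name, one containing markup.
const storedProjects = [
  { name: 'My Game' },
  { name: '"><b>injected</b>' },
];

for (const project of storedProjects) {
  console.log('unsafe:', countTags(renderProjectUnsafe(project)), 'tags');
  console.log('safe:  ', countTags(renderProjectSafe(project)), 'tags');
}
```

A tag count above 2 for a rendered row means the stored name changed the page structure, which makes `countTags` usable as a regression check on the rendering path.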
One more time, sorry about the inactivity...


