Questions or requests about submissions


Post by drok3r » Tue Mar 19, 2019 12:24 am

I have found and managed to exploit an XSS vulnerability on the site [csnsonline.org].
Previously it was reported by another investigator, the report [ID: OBB-207905].

Currently the site [csnsonline.org] has a WAF [ModSecurity] which I managed to evade and exploit the XSS.

PoC for [ID: OBB-207905]

PoC for [ID: 775162]

My report [ID: 775162] was rejected because it is a clone, this is correct, despite the fact that it manages to exploit the failure and evade the WAF, which was not installed previously.

Site Admin

Re: "clone"...?

Post by x1admin » Tue Mar 19, 2019 5:36 am

We don't accept XSS via SQL injection errors.
