"clone"...?


Post by drok3r » Tue Mar 19, 2019 12:24 am

I have found and managed to exploit an XSS vulnerability on the site [csnsonline.org].
Previously it was reported by another investigator, the report [ID: OBB-207905].

Currently the site [csnsonline.org] has a WAF [ModSecurity], which I managed to evade and exploit the XSS.

PoC for [ID: OBB-207905]
Image

PoC for [ID: 775162]
Image

My report [ID: 775162] was rejected because it is a clone; this is correct, despite the fact that it manages to exploit the failure and evade the WAF, which was not installed previously.

Re: "clone"...?

Post by x1admin » Tue Mar 19, 2019 5:36 am

We don't accept XSS via SQL injection errors.
