"clone"...?
Posted: Tue Mar 19, 2019 12:24 am
I have found and managed to exploit an XSS vulnerability on the site [csnsonline.org].
Previously it was reported by another investigator, the report [ID: OBB-207905].
Currently the site [csnsonline.org] has a WAF [ModSecurity] which I managed to evade and exploit the XSS.
PoC for [ID: OBB-207905]
PoC for [ID: 775162]
My report [ID: 775162] was rejected because it is a clone, this is correct, despite the fact that it manages to exploit the failure and evade the WAF, which was not installed previously.