Wrong vulnerability type?! is a xss and i reported as been a xss, what you mean wrong?

Your experience of helping website owners
Locked
PauloChoupina
Posts:12
Joined:Tue Mar 12, 2019 10:53 pm
Wrong vulnerability type?! is a xss and i reported as been a xss, what you mean wrong?

Post by PauloChoupina » Mon Nov 18, 2019 2:40 am

1019244

yo i reported this as a Cross Site Scripting, and it is indeed a Cross Site Scripting..

Why you saying it was the "Wrong vulnerability type" ?!

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Wrong vulnerability type?! is a xss and i reported as been a xss, what you mean wrong?

Post by x1admin » Mon Nov 18, 2019 7:34 am

PauloChoupina wrote:
Mon Nov 18, 2019 2:40 am
1019244

yo i reported this as a Cross Site Scripting, and it is indeed a Cross Site Scripting..

Why you saying it was the "Wrong vulnerability type" ?!
We don't accept xss via sql inj errors

PauloChoupina
Posts:12
Joined:Tue Mar 12, 2019 10:53 pm

Re: Wrong vulnerability type?! is a xss and i reported as been a xss, what you mean wrong?

Post by PauloChoupina » Mon Nov 18, 2019 2:56 pm

wtf it is not a Sql injection is a straight foward reflected cross site scripting in a vulnerable parameter.

the payload is: </script><svg onload=alert()>

wtf you doing?

iamParagBagade
Posts:13
Joined:Mon Mar 30, 2020 5:31 am

Re: Wrong vulnerability type?! is a xss and i reported as been a xss, what you mean wrong?

Post by iamParagBagade » Tue Apr 21, 2020 3:53 am

Hello admin...

I reported a stored XSS and also provided login id and password ...

So how it can be wrong type of Vulnerability ?

Fix this 1148098

Thanks...

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Wrong vulnerability type?! is a xss and i reported as been a xss, what you mean wrong?

Post by x1admin » Tue Apr 21, 2020 8:13 am

iamParagBagade wrote:
Tue Apr 21, 2020 3:53 am
Hello admin...

I reported a stored XSS and also provided login id and password ...

So how it can be wrong type of Vulnerability ?

Fix this 1148098

Thanks...
We don't accept xss via sql inj errors

Locked

Who is online

Users browsing this forum: No registered users and 2 guests