I have found and managed to exploit an XSS vulnerability on the site [csnsonline.org].
Previously it was reported by another investigator, in the report [ID: OBB-207905].
Currently the site [csnsonline.org] has a WAF [ModSecurity], which I managed to evade and exploit the XSS.
PoC for [ID: OBB-207905]
PoC for [ID: 775162]
My report [ID: 775162] was rejected because it is a clone. This is correct, despite the fact that it manages to exploit the failure and evade the WAF, which was not installed previously.
"clone"...?
Re: "clone"...?
We don't accept XSS via SQL injection errors.