[intensedebate.com] XSS Reflected POST-Based
Low
Automattic
Submitted None
Reported by
fuzzme
Vulnerability Details
Technical details and impact analysis
## Summary:
Hello, I have found an XSS Reflected POST-Based in `https://www.intensedebate.com/ajax.php`.
Vulnerable URL:
```
POST https://www.intensedebate.com/ajax.php
```
Vulnerable parameter(s):
```
$_POST['txt'];
```
Payload
```
azertyuiop<<><img+src="x"/onerror="prompt(document.cookie)">
```
## Steps to reproduce
1. Open the xss.html and you will see a JavaScript pop-up.
You can also follow along in the video PoC.
Thank you, good bye.
## Impact
An attacker can perform a phishing attack or perform a CORS attack.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected
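
The fix class for this weakness, as an added example that is not part of the original report and is not Automattic's code: a hypothetical handler that reflects the POSTed `txt` value, shown unencoded and then encoded for its output context, run against the payload quoted in the report. The function names and the `preview` markup are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an endpoint that echoes the POSTed `txt` value
// back in its response. Not IntenseDebate's actual code.

// Before: the value is concatenated into markup unchanged, so any tag it
// carries becomes part of the page.
function render_unsafe(string $txt): string
{
    return '<div class="preview">' . $txt . '</div>';
}

// After: encode for the HTML body context. ENT_QUOTES covers both quote
// styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
function render_safe(string $txt): string
{
    $encoded = htmlspecialchars($txt, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="preview">' . $encoded . '</div>';
}

// Defence in depth for an AJAX endpoint: answer with JSON rather than HTML.
// The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes. A real
// handler would also send "Content-Type: application/json" and
// "X-Content-Type-Options: nosniff".
function render_json(string $txt): string
{
    return json_encode(
        ['txt' => $txt],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// The payload from the report, as PHP sees it once "+" is decoded to a space.
$txt = 'azertyuiop<<><img src="x"/onerror="prompt(document.cookie)">';

// Report whether a raw tag opener survives in each rendering.
$outputs = [
    'unsafe' => render_unsafe($txt),
    'safe'   => render_safe($txt),
    'json'   => render_json($txt),
];
foreach ($outputs as $name => $body) {
    $hasRawTag = strpos($body, '<img') !== false;
    printf("%-6s raw <img present: %s\n", $name, $hasRawTag ? 'yes' : 'no');
}
```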