Reflected XSS on business-blog.zomato.com - Part 2
Zomato
Reported by
dsopas
Vulnerability Details
Technical details and impact analysis
Hi guys,
I would like to report a reflected XSS on business-blog.zomato.com.
1. Open Chrome and Firefox (latest versions)
2. Open https://business-blog.zomato.com/wp-includes/js/plupload/plupload.flash.swf?target%g=alert&uid%g=hello&
3. Payload is executed
Check the attached screenshot.
Solution:
- Update WordPress to 4.5.2
- Update Plupload to latest version once released
Feel free to contact me if you need further assistance.
Best,
-David Sopas
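A detection-side example added here, not part of the original report: it scans web access logs for requests to the SWF path from step 2 that carry a query string, and separately flags parameter names with malformed percent-encoding such as `target%g`. The combined log format, the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Path taken from the report; a static SWF normally needs no query string.
SWF_PATH = "/wp-includes/js/plupload/plupload.flash.swf"
# A '%' that is not followed by two hex digits is malformed percent-encoding.
BAD_PCT = re.compile(r"%(?![0-9A-Fa-f]{2})")
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def param_names(query):
    """Return the raw (undecoded) parameter names of a query string."""
    return [p.split("=", 1)[0] for p in query.split("&") if p]

def classify(line):
    """Return None, 'swf-with-params' or 'swf-malformed-params'."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # Decode and lowercase the path so encoded or mixed-case variants match.
    if unquote(url.path).lower() != SWF_PATH or not url.query:
        return None
    if any(BAD_PCT.search(name) for name in param_names(url.query)):
        return "swf-malformed-params"
    return "swf-with-params"

def scan(lines):
    """Return (line_number, verdict) for every flagged log line."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := classify(line))]

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2016:10:00:00 +0000] "GET /wp-includes/js/plupload/'
    'plupload.flash.swf?target%g=alert&uid%g=hello& HTTP/1.1" 200 1234',
    '198.51.100.2 - - [01/Jan/2016:10:00:01 +0000] "GET /wp-includes/js/plupload/'
    'plupload.flash.swf HTTP/1.1" 200 1234',
    '198.51.100.9 - - [01/Jan/2016:10:00:02 +0000] "GET /wp-includes/js/plupload/'
    'plupload.flash.swf?ver=1 HTTP/1.1" 200 1234',
    '192.0.2.4 - - [01/Jan/2016:10:00:03 +0000] "GET /index.php?p=1 HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for lineno, verdict in scan(SAMPLE):
        print(lineno, verdict)
```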
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-site Scripting (XSS) - Generic