RXSS on landings/land/3/ron_clean_17_app3_alerts/index.php (mackeeperapp3.mackeeper.com)

Low
Clario
Submitted None

Team Summary

Official summary from Clario

### Summary

Reflected Cross-Site Scripting attack on `mackeeperapp2.mackeeper.com`. The problem is in the `/landings/land/1/ron_cleanprot17/index.php` script, which takes any GET parameter and passes the value of this parameter directly into the HTML code of the page.

### Steps to reproduce

`http://mackeeperapp3.mackeeper.com/landings/land/3/ron_clean_17_app3_alerts/index.php?kola=bro"></options></form><img src=x onerror=alert(document.domain)>`

Reported by sec0ndw0lf
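
The pattern the summary describes, sketched in PHP beside a hardened form. This is an added example, not Clario's code: the real `index.php` is not shown in the report, so the hidden-field markup, the function names and the `utm_source` parameter are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical reconstruction: the report only says that every GET parameter
// is copied into the page's HTML. The payload's `">` prefix suggests the value
// lands inside a double-quoted attribute, which is what is modelled here.

/** Vulnerable pattern: raw parameter name and value concatenated into markup. */
function render_hidden_fields_unsafe(array $params): string
{
    $html = '';
    foreach ($params as $name => $value) {
        $html .= '<input type="hidden" name="' . $name . '" value="' . $value . '">' . "\n";
    }
    return $html;
}

/** Encode a string for an HTML text or quoted-attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened pattern: allowlist of expected parameters plus output encoding. */
function render_hidden_fields_safe(array $params, array $allowed): string
{
    $html = '';
    foreach ($allowed as $name) {
        $value = $params[$name] ?? null;
        if (!is_string($value)) {
            continue; // absent, or an array such as ?kola[]=x
        }
        $html .= '<input type="hidden" name="' . h($name) . '" value="' . h($value) . '">' . "\n";
    }
    return $html;
}

// Constructed sample input: the parameter from the report's reproduction URL.
$params = ['kola' => 'bro"></options></form><img src=x onerror=alert(document.domain)>'];

echo render_hidden_fields_unsafe($params);               // value closes the attribute and injects tags
echo render_hidden_fields_safe($params, ['kola']);       // quotes and angle brackets are encoded
echo render_hidden_fields_safe($params, ['utm_source']); // parameter not on the allowlist is never echoed
```

The encoding in `h()` is correct for element text and quoted attributes only; values placed in script blocks, URLs or unquoted attributes need context-specific handling.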

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$75.00

Submitted

Weakness

Cross-site Scripting (XSS) - Reflected