blackspiderconsulting / bodgeit

Automatically exported from code.google.com/p/bodgeit
0 stars 0 forks source link

Additional XSS attack not counted as a passed challenge #6

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
You can do an XSS attack on the Login form that does not count for any 
challenge result:

1. Go to http://localhost:18080/bodgeit/login.jsp
2. Provide Username user1@thebodgeitstore.com') --<script>alert("XSS")</script>

Original issue reported on code.google.com by bjoern.k...@gmx.de on 9 Aug 2013 at 8:08