About a week before i reported an XSS vulnerability inside stumbleupon, I promised to disclose the vulnerability details once it gets fixed, Recently i received an email from stumbleUpon. They told that they have fixed the XSS vulnerability and they would like me to test it again if it's still vulnerable to the Cross site Scritping (XSS) attack. I tested the parameter and did not find any potential XSS inside it. Here is the email i received from stumbleUpon:
Vulnerability parameter:
http://stumbleupon.com/hostedbadge.php?s=1&r=XSS
The above parameter was vulnerable to a reflected cross site scripting attack, however now it's fixed and i don't see the issue any more.
0 comments:
Post a Comment