[XSS Stored] tumblr.com

sleed · November 19, 2014

Vulnerability: Multiple Cross Site Scripting Stored

Status: Raported

PoC*:

__________

___________

//Edit: Stiam asta Abraxys. Nu e in blogulmeu.tumblr.etc..

@quadxenon

Se executa prin post .

Edited November 19, 2014 by sleed
//Comment

abraxyss · November 19, 2014

"[yourblogname].tumblr.com can be the *source* of an exploit, but not the *target*. A post or theme which executes 'alert(document.cookie)' on your blog is not an eligible bug."

Say what

November 19, 2014

http://i58.tinypic.com/n63p7c.png

In url bar arata tumblr[.]com, iar in pop-up assets... sunt curios de vectorul tau ()

Anyway, bravo.

Aerosol · November 19, 2014

felicitari @sleed

dupa ce primesti confirmarea (daca le-ai raportat) sa postezi si tu vectorul.

quadxenon · November 19, 2014

http://i58.tinypic.com/n63p7c.png
In url bar arata tumblr[.]com, iar in pop-up assets... sunt curios de vectorul tau ()
Anyway, bravo.

Doar eu vad in imaginea aia tXmblr.com ?

Aerosol · November 19, 2014

Doar eu vad in imaginea aia tXmblr.com ?

nu, acum am observat si eu

The page at https://assetx.txmblr.com say:

Sign In

[XSS Stored] tumblr.com

Recommended Posts

sleed

abraxyss

Guest

Aerosol

quadxenon

Aerosol

Join the conversation

Browse

Activity

Pages