Wix.com Cross Site Scripting

Posted on 04 December 2014

57 million web pages are affected by a security problem in wix.com Proof of concept of a web page made in wix.com: http://www.itsec.cl/ to see the source code can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?_escaped_fragment_= (That is where search engines like Google go to read your homepage's content.) ... tried to access an existing section and added a third invalid parameter, after that launched the attack code: Valid URL: http://www.itsec.cl/?_escaped_fragment_=partners/c1ryi/ XSS URL: http://www.itsec.cl/?_escaped_fragment_=partners/c1ryi/x"><script>alert('xss')</script> How cheap is expensive. /Devsec, Security Departament. Chile./

TOP

Malware :

None in database

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20