Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#14037 closed enhancement (fixed)

Attention!!! XSS In http://db.torproject.org/...

Reported by: mahitman
Owned by: Muhammad Abdullah
Priority: High
Milestone:
Component: Webpages/Website
Version:
Severity:
Keywords: XSS, website, subdomain
Cc: weasel
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Hi,
I have found an XSS (Cross Site Scripting) bug in one of your subdomains...

The bug exists in the following link..

https://db.torproject.org/search.cgi?authtoken=1%22%3E%3Ciframe%20src=%27%27%20onload=prompt%28document.domain%29%3E&id=

Kindly fix, to ensure the security of your domain...

Hoping to get a bounty..

Regards
Muhammad Abdullah

Child Tickets

Attachments (1)

tor xss.png (90.3 KB) - added by mahitman 5 years ago.
POC..


Change History (4)

Changed 5 years ago by mahitman

Attachment: tor xss.png added

POC..

comment:1 Changed 5 years ago by arma

Cc: weasel added

comment:2 Changed 5 years ago by weasel

Resolution: fixed
Status: new → closed

I believe this has been fixed now. Thanks for your report. If you find anything else, please let us know.

comment:3 Changed 5 years ago by mahitman

Hi
Yes, it is fixed.
Any acknowledgement or bounty???

Waiting
Muhammad Abdullah
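
The reported payload closes a quoted attribute value and opens a new element. The following is an added example, not code from this ticket or from the Tor Project: it decodes the PoC URL from the description and checks, with an HTML parser, that escaping the `authtoken` value for an attribute context keeps it inside one element. The hidden-input template and all function names are assumptions, since the ticket shows neither the markup of `search.cgi` nor how the issue was fixed.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# PoC URL exactly as reported in the ticket description.
POC_URL = ("https://db.torproject.org/search.cgi?authtoken=1%22%3E%3Ciframe%20src="
           "%27%27%20onload=prompt%28document.domain%29%3E&id=")

def authtoken_from(url):
    """Return the URL-decoded authtoken query parameter ('' if absent)."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("authtoken", [""])[0]

# Hypothetical template: the real search.cgi markup is not shown in the ticket.
def render_naive(token):
    return '<input type="hidden" name="authtoken" value="' + token + '">'

def render_escaped(token):
    # quote=True also encodes " and ', which an attribute context requires.
    return '<input type="hidden" name="authtoken" value="%s">' % html.escape(token, quote=True)

class TagCollector(HTMLParser):
    """Record every start tag and its attributes as an HTML parser sees them."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def parsed_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def reflection_is_safe(token):
    """True if the escaped output parses to one <input> whose value is the token."""
    tags = parsed_tags(render_escaped(token))
    return len(tags) == 1 and tags[0][0] == "input" and tags[0][1].get("value") == token

if __name__ == "__main__":
    token = authtoken_from(POC_URL)
    print("decoded authtoken:", token)
    print("naive tags:  ", [t for t, _ in parsed_tags(render_naive(token))])
    print("escaped tags:", [t for t, _ in parsed_tags(render_escaped(token))])
```

A check like `reflection_is_safe` can be kept as a regression test for every parameter a page reflects into markup.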
