Hacker, Researcher and Author.

ifixit.com Stored XSS Vulnerability


Well, it has been a long time since I posted anything; I was a bit busy with my university exams. However, I finally managed to get some time to write something. Today I am sharing some of the vulnerabilities I found in a popular website named "ifixit".

I found two XSS issues: one was a Stored XSS and the second was a Self-XSS. However, the Self-XSS could have been easily exploited by clickjacking techniques, as the page did not contain the X-Frame-Options header. Therefore the Self-XSS was also considered.
I have created a short POC of the Stored Cross Site Scripting (XSS) vulnerability. I hope you enjoy it:

iFixit Stored Cross Site Scripting [Video POC]:

iFixit Self-XSS POC


For the above vulnerabilities, I was listed on ifixit.com's responsible disclosure page:


Along with it, they also sent me two T-Shirts, some stickers and a 54 bit driver toolkit:

5 comments:

  1. Hey Rafay, happy new year! I am currently doing BTech IT 1st year and I want to make a career in hacking. What courses should I do after BTech?

  2. See this post, I am sure it will help you @Anonymous
    http://www.darksite.co.in/2013/01/what-should-i-do-if-i-am-interested-go.html

  3. Video is currently unavailable


© 2016 All Rights Reserved by RHA Info Sec.