Exploiting Stored XSS Vulnerability [VIDEO]

As soon as US Government launched their first Bug Bounty program “Hack the Pentagon“, I immediately jumped to check it.
I started looking at different web pages that they have and focused on their main page which can be accessed in the following link: http://www.defense.gov/

After wandering around for some time, I found a Stored XSS vulnerability in their Frequently Asked Questions (FAQ) page. In that page users can be registered with their profile and ask questions, which eventually some administrator will respond. The user registration form had many Stored XSS vulnerabilities, in which one exploitation demonstration is presented in the video above.

Published on: May 24, 2016 11:30 am