Tag: xss vulnerability

SMARTSHEET XSS VIA FILE UPLOAD

Hi, today I want to explain an XSS vulnerability that I found on Smartsheet.com. The Smartsheet XSS vulnerability is an interesting vulnerability because it occurs via file upload! By the way, I want to clarify that this XSS works with or without authorization, so it is a dangerous vulnerability as well as an interesting one. What is Smartsheet and more…


ITSLEARNING STORED XSS VULNERABILITY OR NOT?

I’ve found a stored XSS on the itslearning education system that works without even being authorized. A hacker can do lots of things via the Itslearning stored XSS vulnerability. This XSS works without any authorization, so it is more dangerous than the usual XSS. Payload: I use <svg/onload=prompt(1)> but almost every payload works. PoCs about the itslearning stored XSS: Redirect via XSS; https://files.itslearning.com/data/2099/13132/xss.html Alert…


Mustafa Kemal Can