Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Can i do this ?
Posted by: Ryonan
Date: September 18, 2009 06:05AM

Hello,
i've found an XSS on a well-known site, the XSS is in the index page which has nothing to do with infection but there is a forum on an add-on domain like this :
index page : http://site.com/s=XSS
forum : http://site.com/forum
my question is : can i use XSS to ask the user post some topics in the forum, i think the post request in ajax will be somethings like :
################################
url="/forum/add.php?id=new post"
################################
is this possible ? , if so, will any kinds of forum be victim of XSS with a XSS bug in the main page ?
Thx

Options: ReplyQuote
Re: Can i do this ?
Posted by: Matt Presson
Date: September 18, 2009 10:24AM

As long as the user is logged into the forum it should succeed as they are both on the same domain.


-Matt

Options: ReplyQuote


Sorry, only registered users may post in this forum.