MSDN Lab Microsoft - Content Spoofing / Text Injection

Vulnerable Product(s): MSDN Lab Microsoft
Affected Version(s): -
Vulnerability Type: Content Spoofing / Text Injection

There are many different learning styles that reflect different individual preferences or ways to communicate ideas and information. MSDN brings learning information to you in a variety of styles to suit different developers' learning styles.

Technical Details:
Another example of a content spoofing attack would be to present false information to a user via text manipulation. An attack scenario is demonstrated below. For this scenario, let's assume proper output encoding HAS been implemented and XSS is not possible. An attacker identifies a web application that gives recommendations to its users on whether they should buy or sell a particular stock.

PoC or Exploitcode:
hXXp://vulnerablesitem/mailform/Thanks.aspx?result=We Really Recommend You Sell This Stock Now &close=Close

Author/Group: Fahmi Fisal

Demo-URL: Really Recommend You Sell This Stock Now &close=Close
Fix or Patch: -
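
Added example, not part of the original advisory and not the affected site's code: a framework-neutral Python sketch of why output encoding alone leaves the `result` parameter spoofable, next to two hardened renderers. The message catalogue, the signing key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from html import escape
from urllib.parse import parse_qs, urlencode

# Constructed values for this example; not taken from the affected site.
SECRET = b"example-only-signing-key"
MESSAGES = {"sent": "Thank you, your message has been sent.",
            "error": "Your message could not be sent."}
DEFAULT_KEY = "sent"


def render_reflected(query: str) -> str:
    """Pattern in the PoC: text from the URL is encoded, then displayed."""
    text = parse_qs(query).get("result", [""])[0]
    return "<p>" + escape(text) + "</p>"  # no XSS, but the URL picks the words


def render_by_key(query: str) -> str:
    """Hardened: the URL carries only a key; the wording lives on the server."""
    key = parse_qs(query).get("result", [DEFAULT_KEY])[0]
    return "<p>" + escape(MESSAGES.get(key, MESSAGES[DEFAULT_KEY])) + "</p>"


def sign(text: str) -> bytes:
    digest = hmac.new(SECRET, text.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest.encode("ascii")


def make_signed_query(text: str) -> str:
    """Server side: build the redirect query for text the server chose."""
    return urlencode({"result": text, "sig": sign(text).decode("ascii")})


def render_signed(query: str) -> str:
    """Hardened alternative when free text must travel in the URL."""
    params = parse_qs(query)
    text = params.get("result", [""])[0]
    sig = params.get("sig", [""])[0].encode("utf-8")  # bytes: any input is safe
    if not hmac.compare_digest(sign(text), sig):
        text = MESSAGES[DEFAULT_KEY]  # unsigned or altered text is never shown
    return "<p>" + escape(text) + "</p>"


# Query string in the shape of the PoC above.
POC_QUERY = "result=We Really Recommend You Sell This Stock Now &close=Close"
```

The signed variant still displays any message the server itself once signed, so the key lookup is the stricter of the two controls.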

