The vulnerability was caused by a field of a form that was displayed back to the web interface without escaping the HTML characters. In the following code box I show the affected HTML:
An attacker could attempt to trick users into visiting a malicious URL such as https://www.tuenti.com/?m=Tusimtogo&func=index&siaccod=%22%3E%3Ch2%3E%3Cstrong%3EHELLO%20WORLD so that the arbitrary HTML code of the siaccod parameter would be executed on victim's web browser.
I reported the vulnerability to security@tuenti.com and in a few hours I got the following reply telling me that the bug had been fixed and thanking me.
The fix was as easy as removing the line that displayed back the content of the siaccod field.
On this page you may find best persuasive speech topics for college. Just take a look!
ReplyDeleteGreat Article IoT Projects for Students
DeleteDeep Learning Projects for Final Year
JavaScript Training in Chennai
JavaScript Training in Chennai
The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training
Dentistry Research Paper Writing Services have come up with Dentistry Writing Services for dentistry coursework writing service students in order for them to score straight A’s in their dentistry paper writing services.
ReplyDeleteQuite an interesting study in the field of communications. Now such topics are gaining popularity. Thanks to modern technologies in a short time you can get a ready-to-certify marketing plan , I take this opportunity thanks to https://essaysservice.com/marketing-plan-writing-service.html
ReplyDeleteTo prevent such situations use our articles written on this theme on nursing essay writing service to find out about these problems. There are usefull instructions on how to avoid these situations.
ReplyDelete