Обход аутентификации

Iframe injection and self xss on over 20,000 websites of alexarank UA / RU

I decided to walk on the Ukrainian top of alexarank, began to look for vulnerabilities at gismeteo.ua (20 place). There was a redirect to the Russian version (www.gismeteo.ru/soft/). I paid attention to technical support. The tech support was at gismeteo.userecho.com and was downloaded to gismeteo in the iframe: https://gismeteo.userecho.com/s/interframe.html?url=https://gismeteo.userecho.com/widget/forum/6-/?lang=ru&referer=https://www.gismeteo.ru/soft/&xdm_e=https://www.gismeteo.ru&xdm_c=default4178&xdm_p=1 Then there was a form for …

Iframe injection and self xss on over 20,000 websites of alexarank UA / RURead More »