Showing posts with label About.me. Show all posts

Wednesday, 16 October 2013

About.me Cookie Based XSS

About.me suffered from a Cross-Site Scripting flaw I found a few days ago. The interesting thing about this flaw is that it was cookie based. The following post details how I found it and what I did to confirm that it was exploitable. It also discusses some interesting points to consider when you find an XSS triggered by cookie values.