XSS in dailym0ti0n

XSS in dailym0ti0n

Hi Friends
I found XSS in dailym0ti0n.com
90days completed long ago and  still not patched
So i am sharing that POC with You

here is the mail that i sent

hi Sir
I am a security researcher and i found that your domain is vulnerable
Vulnerability type : XSS ( Cross Site Scripting)
i also mention the vulnerable parameter in concerned box
here again :
http://www.dailym0ti0n.com/player.php?video_id=”/><svgonload=prompt(document.domain)>

So here by Executing this Your site will prompt

daily motion

here is the video poc which i sent

Thanks
regards
Tayyab qadir

Leave a Reply

Your email address will not be published. Required fields are marked *

two + 4 =