The principle of dominoes or XSS on large sites Runet

    On the registration page of the new account, the fields 'First Name' and 'Last Name' were not filtered, as a result of which it was possible to insert scripts and register the user whose name the script was (up to 80 characters). On itself, this vulnerability was not reflected in any way, but manifested itself on those sites that used authorization through, and on those sites that used authorization of sites that used authorization through :)
    That's how it was before fixing the vulnerability :

    So after:

    And so during (set 1080p for comfortable viewing):

    So it goes.
    It seems that at the time of writing this post already fixed this bug.

    My previous XSS

    UPD post : Received an email from the caliper. Vulnerability closed, thanked.

    Also popular now: