XSS on yandex.ru
Yesterday a friend of mine (LMaster) found a passive XSS on Yandex. A specially crafted address passed to the victim allows cookies to be stolen. The `add` GET parameter is not filtered. Triggering the script does not require any user action.
Request: _http://www.yandex.ru/?add=3188">&edit=1
P.S. He himself does not have access to the hub. The main theme.
UPD: The vulnerability is closed. This has already been reported in the comments. Please do not create hundreds of answers: “Does not work!”
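The `">` after `3188` in the request is what closes a quoted attribute when the `add` value is reflected unfiltered. The following is an added example, not code from the original post or from Yandex: it assumes the parameter lands in a double-quoted attribute and that `add` is meant to be a numeric id, and the template, function names and sample value are hypothetical.

```python
import html
import re

# Hypothetical sink (assumption): the `add` GET parameter is echoed into a
# double-quoted attribute. The real page markup is not shown in the post.
TEMPLATE = '<input type="hidden" name="add" value="{value}">'

# Constructed sample: the post's `3188">` prefix followed by a harmless marker tag.
SAMPLE = '3188">' + '<b>constructed-marker</b>'


def render_unfiltered(add: str) -> str:
    """The 'before' state described in the post: the value is reflected as-is."""
    return TEMPLATE.format(value=add)


def render_escaped(add: str) -> str:
    """Output encoding: &, <, > and both quote characters become entities."""
    return TEMPLATE.format(value=html.escape(add, quote=True))


def render_validated(add: str) -> str:
    """Input validation on top of encoding (assumes `add` is a decimal id)."""
    if not re.fullmatch(r"[0-9]{1,10}", add):
        raise ValueError("add must be a short decimal id")
    return render_escaped(add)


def attribute_is_intact(markup: str) -> bool:
    """True if the markup is still exactly one <input> tag, meaning the value
    did not close the attribute and start new markup."""
    pattern = r'<input type="hidden" name="add" value="[^"<>]*">'
    return re.fullmatch(pattern, markup) is not None


if __name__ == "__main__":
    print("unfiltered:", render_unfiltered(SAMPLE))
    print("  attribute intact:", attribute_is_intact(render_unfiltered(SAMPLE)))
    print("escaped:   ", render_escaped(SAMPLE))
    print("  attribute intact:", attribute_is_intact(render_escaped(SAMPLE)))
    try:
        render_validated(SAMPLE)
    except ValueError as exc:
        print("validated:  rejected,", exc)
```
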