alsoisp
Forum Replies Created
Forum: Plugins
In reply to: [SpiderFAQ] css vulnerability
I can’t send you the query here, please give me a mail to send it to.

Forum: Plugins
In reply to: [SpiderFAQ] css vulnerability
Enter the following XSS payload as search query:
// . “–!>
//
I hope we see the query here in your ticket system. In the post before, the query was interpreted.

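The two posts above turn on the same point: the search term typed by the user came back in the page as markup rather than as text, so the forum (and, per the report quoted later in this thread, the site's search page) "interpreted" it. The following added example is not code from SpiderFAQ or from anyone in this thread; it shows, in plain JavaScript, the unsafe string-building pattern next to a version that HTML-encodes the reflected value. `renderResultsUnsafe`, `renderResultsSafe`, `reflectsMarkup` and the sample query are all constructed for this example.

```javascript
// Added example (not from the SpiderFAQ plugin or the forum posts): an unescaped
// "search results" fragment next to one that HTML-encodes the reflected query.

// Characters that carry meaning in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value so the browser treats it as literal text or as a plain attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the query is concatenated into the page as-is, so any
// markup inside it is parsed by the browser instead of being displayed.
function renderResultsUnsafe(query) {
  return `<p>Results for: ${query}</p>` +
         `<input type="text" name="q" value="${query}">`;
}

// Hardened pattern: same template, but every reflected occurrence is encoded
// for the context it lands in (HTML text and a double-quoted attribute here).
function renderResultsSafe(query) {
  const q = escapeHtml(query);
  return `<p>Results for: ${q}</p>` +
         `<input type="text" name="q" value="${q}">`;
}

// Detection helper for a test suite: render once with an empty query to learn how
// many <, > and " characters the template itself contributes, then check whether
// the user-supplied query adds any. A hardened renderer adds none.
function reflectsMarkup(renderFn, query) {
  const baseline = (renderFn('').match(/[<>"]/g) || []).length;
  const rendered = (renderFn(query).match(/[<>"]/g) || []).length;
  return rendered > baseline;
}

// Constructed sample query containing the HTML/JS metacharacters the report
// talks about; it is not the (redacted) payload from the thread.
const SAMPLE_QUERY = '"><script>alert(1)</script><!--';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(reflectsMarkup(renderResultsUnsafe, SAMPLE_QUERY)); // true
  console.log(reflectsMarkup(renderResultsSafe, SAMPLE_QUERY));   // false
  console.log(renderResultsSafe(SAMPLE_QUERY));
}
```

The report's recommendation to filter special characters on input helps, but the dependable fix is encoding at output for the context the value is written into; in a WordPress plugin written in PHP the equivalents of `escapeHtml` are `esc_html()` for text and `esc_attr()` for attribute values. The `reflectsMarkup` check is the kind of regression test a plugin author can keep around so the search template cannot silently return to string concatenation.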
Forum: Plugins
In reply to: [SpiderFAQ] css vulnerability
Hello,
here is the original message:

Dear Sir/Madam,
I would like to report an XSS vulnerability that I have found on the alsoisp.de website. The discovered vulnerability occurs because of incorrectly validated user input in the search function.
The vulnerability has been tested with the latest version of Firefox on Linux (Firefox 58.0.2 64-bit).

Reproduction
Go to: http://alsoisp.de/buchhaltung/
Enter the following XSS payload as search query:
“–!>
The JavaScript dialog will pop up:
When we look at the source code we can see the JavaScript that was executed by the browser:

Mitigation
My recommendation would be to filter the search input for special characters used in HTML and JavaScript.
I hope that my findings and report can contribute to a better and more secure website of the alsoisp organization.

Hello Tobias,
thx for the fast help.
Regards
Stephan

done 😉
Regards
Stephan

Hello 🙂
I can do that….
I do not want to publish. How can I send you this.
Stephan

Hello Tobias.
I can gladly do that, but….. I don't want to publish it. How can I get it to you?
Regards
Stephan