InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

[SOLVED] XSS at wizard.com login

https://forums.informaction.com/viewtopic.php?t=8833

Page 1 of 1

[SOLVED] XSS at wizard.com login

Posted: Sat Jun 02, 2012 8:34 pm
by Lucas Malor

Code: Select all

[NoScript XSS] Sanitized suspicious upload to [https://accounts.wizards.com/remotel.aspx] from [http://community.wizards.com/go/network/login]: transformed into a download-only GET request.

Re: XSS at wizard.com login

Posted: Mon Jun 04, 2012 9:43 am
by Giorgio Maone
You probably just need to allow "accounts.wizard.com", or the whole "wizard.com".

Re: XSS at wizard.com login

Posted: Mon Jun 04, 2012 5:24 pm
by Lucas Malor
I removed the XSS exception and there's no more the error... oh well.

Re: [SOLVED] XSS at wizard.com login

Posted: Mon Jun 04, 2012 5:35 pm
by therube
(I thought that was going to be the Washington Wizards aka the Baltimore Bullets. And you thought Chicago was a dangerous town.)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited