Stored XSS (Cross Site Scripting) on Edmodo – SQLi Basic

Hi Edmodo,

Here is Shaifullah Shaon (Black_EyE), An Ethical Hacker.
a white hat cyber security researcher from Bangladesh reporting a serious
[3’rd ranking in OWASP] security vulnerability on your system.

I faced a technical security bug called “Stored XSS (Cross Site Scripting) on Edmodo”.

Now I exploited it. If you verify more, so you can see my video poc that was unlisted my youtube channel.

Let’s follow me,

1. I already Open my Account.
2. Just input payload into about information.
3. and as you see, Here is Also Popup Menu with domain name.

Now See Again, Here always be popup with domain name and it’s Stored into your database.

Please See my Video Poc for understand clearly. Hopefully Those are Very critical issue.
Resolve those issue as soon as possible.

Here is proof as video concept (unlisted):

Thank you
Shaifullah Shaon (Black_EyE)

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *
Email *