Hi Edmodo,

This is Shaifullah Shaon (Black_EyE), an ethical hacker and
white hat cyber security researcher from Bangladesh, reporting a serious
[3rd ranking in OWASP] security vulnerability on your system.

I came across a technical security bug called “Stored XSS (Cross-Site Scripting) on Edmodo”.

I have now exploited it. If you want to verify further, you can see my video PoC, which is unlisted on my YouTube channel.

Please follow along:

1. I have already opened my account.
2. Just input the payload into the about information.
3. As you see, here is also a popup menu with the domain name.

Now see again: here there will always be a popup with the domain name, and it is stored in your database.

Please see my video PoC to understand clearly. Hopefully those are very critical issues.
Resolve those issues as soon as possible.

Here is the proof-of-concept video (unlisted): https://youtu.be/VnjcE_7b7F0

Thank you
Shaifullah Shaon (Black_EyE)
shaon.durjoy@gmail.com