Buy Royal UI Officially! Contact Us Buy Now!
Home
Posts

Edmodo Stored Cross Site Scripting

Dipak Kumar Das

1. Create an new account of teacher and give the first name this " "><img src="x" onerror=alert(1)>" on https://www.edmodo.com/new-user
2. Now go to invite https://www.edmodo.com/home#/invitations here and invite an user/ teacher and when the user get email and click on the accept invite and he will
redirected to a page there the script will be executed
Here is a poc of an invite link : click here
 Reward: T-shirt , coffemug, Stickers and badges  

Seems Edmodo not fixing the issues 
As it not fixed yet if you try to report simple you will get a fucking line in reply "We are aware of this issue"
Previous
Next

2 comments

  1. Amazing trick
    1. what is the trick here
Post a Comment
  • A-
  • A+

© ADDICTIVE HACKERS. All rights reserved.

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
More Details
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.