While pen testing an internal website that is using miniprofiler, I found a persistent cross-site scripting vulnerability:
curl 'http://<victim website>/ILoveXSS?"\><script>alert(document.cookie)</script>'
Have the victim navigate to
http://<victim website>/mini-profiler-resources/results or email the share URL.
I looks like the
I'm not sure what version we are running internally but I'm assuming that it's a fairly recent release. The attack seems to require using curl to set everything up, I'm assuming that trying to use a browser to initiate the attack results in all the angle brackets and such being escaped.
Tested in Chrome and Firefox. Didn't bother with IE.