XSS in CloudFlare

#1 XSS

These are some of my duplicate vulnerabilities found. I just thought of sharing with you. Recently I found two POST XSS in CloudFlare and unfortunately I was not the first to report.
I found the first issue in the “Confirm Key Generator” dialog box.

View post on imgur.com

Let’s have a closer look at the URL.

/ajax/model-dialog.htm

It seems like an XMLHttpRequest object is used in the server side it accept our POST request. (more…)