Following my penetration testing procedure I started off by looking at webpages that unauthenticated users can see and it wasn't long until I landed on the following webpage -
This page immediately stood out since the parameter "tags" was passing it's value directly into the source without any santisation so we had our first reflection. Identifying this reflection usually involves checking the source code and seeing how it handles special characters but thanks to an innovative tool created by @brutelogic for @brutalsecrets subscribers I could confirm the reflection in a matter of seconds.
I began with some basic vectors but had no luck, the vectors were just reflected as a normal tag would be so I tried some more abnormal tags and with the following "></option></select>< I got -
11th of April 2016 - Vulnerability report sent to Jive Software
11th of April 2016 - Vulnerability report sent to affected companies
13th of April 2016 - Vulnerability acknowledged by Jive Software
19th of April 2016 - Patch released by Jive Software
Cameron Dawe, Spam404 Founder