Type: Non-persistent
Criteria: None
http://login.ijji.com/login.nhn?nextURL=%27);alert(%27xss%27);//
There is no criteria, as you can be logged in or not – though if you are, you will be logged out (naturally).
In a nutshell, double quotes are encoded, but single ones are not – and also, the nextURL parameter is carelessly outputted straight into a script tag (for the loginENMLoginForm function).
Advertisement
