MetaQuotes Software Corp. is a B2B software development company established in 2000.
Since its establishment, the company has achieved outstanding success in developing and
delivering a stream of innovative products, services and solutions in the given field.
Working with some of the world leading business, it has earned the reputation as a supplier of the
most reliable software solutions.
Today its most successful product, MetaTrader 4, is the most popular Forex trading platform in the world.
--->> exploit title: MetaQuotes Xss Vulnerability
--->> author: Habib Havariyoon
--->> submit Date: 2016/10/19
--->> home address: http://www.metaquotes.net
--->> page: http://www.metaquotes.net/en/company/contacts
--->> proof of bug:
go to address http://www.metaquotes.net/en/company/contacts and at the contact me form we acn pentest xss vulnerability.
ok we can use this script:
"""/<?><script>alert('xss')</script>
now our result is a message into message box and it means this website have xss bug that we can steal admin cookies.
--->> screenshot of pentest:
https://i.imgur.com/nacRCgl.jpg
--->> thanks for CxSecurity Management group.