Reflected Cross Site Scripting on Private Program (Bounty: $750)
2020-11-27 16:03:12 Author: medium.com (view original) Views: 271

canmustdie

Hi guys, this is my first English write-up, so I'm sorry for my bad English grammar.

Obviously I had discovered a bug, but I was not sure exactly what caused it. So I said to myself: I have to investigate this case!

I found this worth exploring because the site did not seem to be taking any input from me. However, the <script> tag I added to the end of the URL was revealing some characters on the page (like: "}}] ).

[screenshot]

But how?

When I examined the source code, every value I added to the end of the URL was being assigned to a variable generated from JSON. Then I saw that the JSON data was placed between <script> tags.

Just like this:

[screenshot]

At this point, all we have to do is close the script block with a </script> tag and then add an XSS payload. This works because the browser's HTML parser ends a <script> element at the first </script> it encounters, even when that sequence sits inside a JSON (JavaScript) string literal; escaping the double quotes in the JSON does not prevent it. Everything after that closing tag is parsed as ordinary HTML, which is also why the tail of the JSON object became visible on the page.

[screenshot]

(Sorry for the blur :) )

Finally, the payload:

target.com/affected/url</script><img src=xss onerror=alert(1)>

And it’s fixed!

[screenshot]
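To make the root cause and a proper fix concrete, here is an added Python example. It is not the private program's code: the template, the `pageState` variable and the JSON object are constructed stand-ins. It renders a page that embeds the request path in JSON inside an inline <script> using plain json.dumps, renders the same page with `<`, `>` and `&` turned into JSON \u escapes, and then checks, the way a browser's tokenizer would, whether the write-up's payload ends up being parsed as HTML.

```python
import json
import re

# Constructed stand-in for the affected page: the request path is serialised
# into a JSON object that is assigned to a JS variable inside an inline
# <script> block. This is not the private program's real template.
TEMPLATE = (
    "<html><body>\n"
    "<script>var pageState = {state};</script>\n"
    "<p>Nothing to see here.</p>\n"
    "</body></html>\n"
)


def render_vulnerable(path: str) -> str:
    """Plain json.dumps: double quotes and backslashes are escaped, but '<'
    and '>' are not, so a literal </script> in the path terminates the
    script element in the browser's HTML tokenizer."""
    state = json.dumps({"url": path, "items": [{"id": 1}]})
    return TEMPLATE.format(state=state)


def json_for_script(value) -> str:
    """JSON that is safe to embed inline in a <script> block.

    Characters the HTML parser cares about are replaced with their JSON
    \\uXXXX escapes. JSON.parse / the JS engine decode them back, so the
    data the page receives is unchanged."""
    out = json.dumps(value)  # ensure_ascii=True already escapes non-ASCII
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out


def hardened_json_roundtrips(value) -> bool:
    """The escapes must be transparent to a JSON consumer."""
    return json.loads(json_for_script(value)) == value


def render_fixed(path: str) -> str:
    """Same template, hardened serialiser."""
    state = json_for_script({"url": path, "items": [{"id": 1}]})
    return TEMPLATE.format(state=state)


_SCRIPT_OPEN = "<script>"
_SCRIPT_CLOSE = re.compile(r"</script", re.IGNORECASE)


def payload_lands_in_html(rendered: str, marker: str) -> bool:
    """Approximates the browser's script-data tokenizer state: the script
    element ends at the first '</script' after the opening tag, regardless of
    any JS/JSON string context. Returns True when `marker` appears after that
    point, i.e. it is parsed as HTML markup rather than as JS data."""
    start = rendered.index(_SCRIPT_OPEN) + len(_SCRIPT_OPEN)
    first_close = _SCRIPT_CLOSE.search(rendered, start).start()
    marker_pos = rendered.find(marker, start)
    return marker_pos != -1 and marker_pos > first_close


# The payload from the write-up, appended to the affected URL path.
PAYLOAD_PATH = "/affected/url</script><img src=xss onerror=alert(1)>"
MARKER = "<img src=xss onerror=alert(1)>"

if __name__ == "__main__":
    print("vulnerable page:", payload_lands_in_html(render_vulnerable(PAYLOAD_PATH), MARKER))
    print("fixed page:     ", payload_lands_in_html(render_fixed(PAYLOAD_PATH), MARKER))
```

Note that the hardened version does not touch the double quotes at all; JSON already escapes those. The only thing that matters for a script context is that no `<` (and therefore no `</script`) reaches the HTML parser, which is why escaping it as \u003c (or, equivalently, emitting `<\/script>`) is the standard transformation for JSON embedded in a page, and why json.dumps on its own is not enough.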

Thanks!!!


Source: https://medium.com/bugbountywriteup/reflected-cross-site-scripting-on-private-program-bounty-750-34cc67a931f1?source=rss----7b722bfd1b8d--bug_bounty
For infringement claims, contact: admin#unsafe.sh