Clickjacking Vulnerability to trigger Reflacted XSS

2 weeks ago 24
BOOK THIS SPACE FOR AD
ARTICLE AD

Let say the Page is: example.com

In these page i found a reflected parameter like that:

example.com/siteview/8753_OnlinePharmacy.pml?s=<script>alert(1)</script>

When i put these basic payload it reflect in the page like that: Scriptalert1/script i try to bypass it but also not valid :(

so after that i try is in the page there are a search bar i put these payload in it: <script>alert(1)</script> and suddenly it direct gave me a alert without press enter (the payload work only when i type it in the search)

Suiiiiiiiiii

But still there are a problem that these is a self xss and cant do it on a victim so i still thinking what i can do to convert it to a reflected xss

hmm

so i got an idea to see if these page vulnerable to clickjacking so i can chain the two vulnerabilities to convert it to reflect xss so i go to clickjacker to test the page and guess what the page was vulnerable to clickjacking

Now i can make these page and send it to the victim

when the victim past these: WIN100000$ he actually past these payload: <script>alert(1)</script on the search bar of example.com using these script

Read Entire Article