.png)
1 year ago
82 BOOK THIS SPACE FOR AD
ARTICLE ADHello everyone, I am Vignesh, a 20-year-old Security Researcher from TamilNadu, India.
Summary:
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
Steps to reproduce:
I just run the basic script tag <script>alert(1)</script>. The payload is reflected but it’s not executed since, the payload is executed as a value inside the script tag. To execute the payload outside the script tag, I just closed the script tag by “> so that the payload is “><script>alert(1)</script>.
Impact:
Cross site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account.
I submitted this vulnerability via openbugbounty.org and the report is https://www.openbugbounty.org/reports/2811421/
Vulnerability Reported: 24 July, 2022
Vulnerability Verified: 24July, 2022
Public disclosure: 29 October, 2022
Buy Me A Coffee: https://www.buymeacoffee.com/vignesh3004
Follow me on Linkedin: https://www.linkedin.com/in/vignesh3004/
Bengali (Bangladesh) · 
English (United States) ·