How Did I Find Reflected XSS In Domino’s ?


Crypto

Hello there! I’m very happy to share information with you. Today we’ll talk about Reflected XSS and analyze this situation on Domino’s.

Bug
Cross-Site Scripting

What Is Reflected XSS?

Reflected XSS is a web security vulnerability that lets an attacker trick a victim into executing attacker-chosen script in the victim’s browser. It arises when the server takes input from the request (typically a URL parameter) and reflects it into the HTML response without encoding it, so the browser executes the injected code as part of the page. If I have to give an example:

https://example.com/index.php?=<script>alert(1)</script>

How Can We Protect Ourselves From This?

Every piece of data supplied by the user must be handled safely before it is written back into a page. The standard defense is output encoding, such as HTML escaping of the value at the point where it is inserted into the response (or you can add a quality WAF (Web Application Firewall) as an extra layer!).
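As an added illustration of that fix (my own example, not code from the post or from Domino’s), here is a minimal error page that reflects a query parameter into HTML, once as the vulnerable sink and once with HTML escaping applied, plus a small regression check a developer can run to confirm that markup characters never reach the page unencoded. The parameter name `Message` and the sample URL are constructed, modelled on the error page analyzed later in this post.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample URL (hostname and parameter name are assumptions).
SAMPLE_URL = (
    "https://www.example.com/error?Message="
    "Teknik%20bir%20hata%20olu%C5%9Ftu.%20L%C3%BCtfen%20daha%20sonra%20tekrar%20deneyin"
)

# Harmless marker used only in the regression check below.
PROBE = "<b>probe</b>"


def message_param(url: str) -> str:
    """Extract the Message query parameter from a URL (empty string if absent)."""
    params = parse_qs(urlsplit(url).query)
    return params.get("Message", [""])[0]


def render_error_page_vulnerable(message: str) -> str:
    """Reflects the parameter verbatim into the HTML body: this is the XSS sink."""
    return f"<html><body><p class='error'>{message}</p></body></html>"


def render_error_page_fixed(message: str) -> str:
    """HTML-escapes the value at the insertion point, so any markup in it is inert text."""
    safe = html.escape(message, quote=True)  # encodes & < > " '
    return f"<html><body><p class='error'>{safe}</p></body></html>"


def is_reflected_unescaped(value: str, body: str) -> bool:
    """Regression check: True if a value containing HTML metacharacters
    appears verbatim (unencoded) in the rendered response body."""
    has_metachars = any(ch in value for ch in "<>\"'&")
    return has_metachars and value in body


if __name__ == "__main__":
    msg = message_param(SAMPLE_URL)
    print("decoded parameter:", msg)
    print("vulnerable reflects probe:", is_reflected_unescaped(PROBE, render_error_page_vulnerable(PROBE)))
    print("fixed reflects probe:     ", is_reflected_unescaped(PROBE, render_error_page_fixed(PROBE)))
```

A plain message such as the original Turkish error text renders identically in both versions; only values carrying markup characters differ, which is exactly what the check exercises.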


Let’s analyze this situation at Domino’s.

[Image: Domino’s Error Screen]

As you can see, there is a strange parameter in the URL above:

https://dominos.com-----Message=Teknik%20bir%20hata%20oluştu.%20Lütfen%20daha%20sonra%20tekrar%20deneyin

If we change this parameter:

[Image: Hello World !]

What if we change this parameter to a malicious payload?

[Image: Hello CloudFlare !]

As you can see, a “quality WAF” is working! BUT with a little scanning, you can find a payload that bypasses this WAF. Now let’s look at the new version.

[Image: bypassed :-o (This image was taken while reporting the vulnerability.)]

With a little browsing on the internet I discovered a malicious payload, and this payload bypassed the WAF!

(Unfortunately I can’t share the payload with you :/ )

I discovered a dangerous security vulnerability in Domino’s and reported it! After the long-awaited patch, I was added to the acknowledgments list!

(https://dominos.responsibledisclosure.com/hc/en-us/articles/360001378594-Acknowledgments)

Thank you for reading and for your interest! See you in future posts.

Best Regards,

Crypto (@xrypt0)
