BOOK THIS SPACE FOR AD
ARTICLE ADIn this blog post, I will discuss the details of a reflected cross-site scripting (XSS) vulnerability in a online store.
What types of attacks can be done with this type of XSS?
The most common types are:
Phishing by redirectingload a script to the victim computer by clicking the linkSteal Cookies, IPs , and more information about the victimHow did i found it? lets start from the beginning.
i found this xss at main domain so i skip the recon part. when i analyzed every request of main domain i noticed a parameter “site.com/gb/?s=XSS” taking input. All i needed to do next is to check if this parameter is really vulnerable so i checked if this characters <>”=’() is working or encoded by the website security and found out that the reflection i got was not encoded by the website security and that there is no security there.
This “/?s=” parameter is not blocking special characters. So , i try some xss payload and its execute successfully .
This has been reported and the security Team response and fix for this vulnerability was very quick!
Thank you so much for reading.
Cyber security Researcher