During reconnaissance we found an /index.html path that returned a 200 response, which was unexpected because the URL of the application was a login page. After accessing it, we found the UI of a QR code scanner.
We then found that the “Code Scanner” button redirects to a GitHub tool, https://github.com/mebjas/html5-qrcode, so we used the QR generator website https://www.the-qrcode-generator.com/ to create our QR code.
First, we embedded random text in the QR code to see how the application handles the tool's output.
We found that the application was redirecting the embedded text.
Then, when we inspected the text, we found that it was redirected via an HTML span tag.
So we created a new QR code with the following payload: “ </span><img src=a onerror=alert("XSS")> ”
After uploading it, we got an alert!!!
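
The root cause described above is decoded QR text reaching the page as markup inside a span; the fix is to encode it or assign it with textContent. The following is an added example, not code from the tested application or from html5-qrcode: the string concatenation in renderUnsafe, the element id and all function names are assumptions.

```javascript
// Added example: treat text decoded from a QR code as untrusted input.
// Assumption: the application builds the result markup by concatenation.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern (assumed): decoded text is placed in the span as markup.
function renderUnsafe(decodedText) {
  return '<span id="result">' + decodedText + '</span>';
}

// Hardened pattern: decoded text is encoded before it reaches the markup.
function renderSafe(decodedText) {
  return '<span id="result">' + escapeHtml(decodedText) + '</span>';
}

// Browser-side fix: textContent never parses its value as HTML.
// Hypothetical helper, to be called from the scanner's success callback
// with the element that displays the result.
function showScanResult(resultEl, decodedText) {
  resultEl.textContent = decodedText;
}

// Count opening tags, to show whether the input added elements to the page.
function countOpeningTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed input: the payload quoted in the write-up.
const scanned = '</span><img src=a onerror=alert("XSS")>';

console.log(countOpeningTags(renderUnsafe(scanned))); // 2: span plus injected img
console.log(countOpeningTags(renderSafe(scanned)));   // 1: span only
console.log(renderSafe(scanned));
```
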