HashFlare

Cross-Site Scripting Vulnerability in MyThemeShop.com

Bug Type : Cross Site Scripting (XSS)
Checked in : Firefox
OS : Windows 7

MyThemeShop.com Bug by Nishant NIchani

Description of Vulnerability :
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.


Impact of Vulnerability :
By exploiting this vulnerability, one can redirect a user to a malicious page and even can steal the session by injecting a malicious script.

Proof-of-concept :
https://mythemeshop.com/success/free/thanks.php?i=XYZ&pd=N&pr=alert('XSSed');&t=&u=

https://mythemeshop.com/success/free/thanks.php?i=alert('XSSed');&pd=N&pr=$0.00&t=&u=

https://mythemeshop.com/success/free/thanks.php?i=&pd=alert('XSSed');&pr=$0.00&t=&u=

Affected Areas :
1. The parameter 'pr' is vulnerable to XSS attack.
2. Even the parameter 'i' and 'pd' are vulnerable to XSS.

Steps to Reproduce :
1. First of all, I registered on your website 'www.mythemeshop.com'.

2. On the final page that says 'Hey! Thanks for Signing Up', the URL is something like this https://mythemeshop.com/success/free/thanks.php?i=XYZ&pd=All%20Free%20Themes&pr=$0.00&t=&u=

3. Then I crafted the URL to https://mythemeshop.com/success/free/thanks.php?i=XYZ&pd=N&pr=alert('XSSed');&t=&u=

4. And Bang! I got the pop up.

Timeline
*. Found : 12 April 2015
*. Reported : 14 April 2015
*. Fixed : 6 May 2015

Reward : $100 + DotMag Theme (Worth $49+)
Previous
Next Post »

Subscribe to our mailing list

* indicates required
Select your Interested Topics.