Cross-Site Scripting Vulnerability in

Bug Type : Cross Site Scripting (XSS)
Checked in : Firefox
OS : Windows 7

Description of Vulnerability :
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Impact of Vulnerability :
By exploiting this vulnerability, an attacker can redirect a user to a malicious page and can even steal the user's session by injecting a malicious script.

Proof-of-concept :'XSSed');&t=&u='XSSed');&pd=N&pr=$0.00&t=&u='XSSed');&pr=$0.00&t=&u=

Affected Areas :
1. The parameter 'pr' is vulnerable to XSS.
2. The parameters 'i' and 'pd' are also vulnerable to XSS.
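
How the three reflected parameters could be handled on the server side, as an added example that is not the site's own code: validate each value against an allowlist, then encode it for the context it is written into. The parameter names 'i', 'pd' and 'pr' come from this report; the formats (inferred from pd=N and pr=$0.00), the page template and the function names are assumptions, and both an HTML and an inline-script sink are shown because the report does not say which one the site used.

```javascript
// Added example (not the site's code). Parameter names i, pd, pr come from the report;
// the formats and the page template are assumptions for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Encode for an inline <script> string context: JSON quoting plus \uXXXX for
// characters that could end the literal or the script element.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&'\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Allowlists inferred from the values visible in the report (pd=N, pr=$0.00).
const FORMATS = { pd: /^[A-Z]$/, pr: /^\$\d{1,6}\.\d{2}$/ };

// Returns { name: validatedRawValue | null } for the three reported parameters.
function validateParams(queryString) {
  const params = new URLSearchParams(queryString);
  const result = {};
  for (const name of ['i', 'pd', 'pr']) {
    const raw = params.get(name);
    const format = FORMATS[name];
    // Reject anything that does not match its allowlist; 'i' has no known
    // format on the page, so it is passed through and must be encoded on output.
    result[name] = raw !== null && (!format || format.test(raw)) ? raw : null;
  }
  return result;
}

// Hypothetical confirmation-page renderer: validate first, then encode per context.
function renderThanks(queryString) {
  const { i, pr } = validateParams(queryString);
  return `<p>Hey! Thanks for Signing Up</p>` +
    `<p>Price: ${pr === null ? 'unavailable' : escapeHtml(pr)}</p>` +
    `<script>var item = ${jsLiteral(i === null ? '' : i)};</script>`;
}

// Constructed inputs: a normal URL tail and one carrying the report's payload fragment.
console.log(renderThanks("i=42&pd=N&pr=$0.00&t=&u="));
console.log(renderThanks("i='XSSed');&pd=N&pr='XSSed');&t=&u="));
```
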

Steps to Reproduce :
1. First of all, I registered on your website ''.

2. On the final page that says 'Hey! Thanks for Signing Up', the URL is something like this$0.00&t=&u=

3. Then I crafted the URL to'XSSed');&t=&u=

4. And Bang! I got the pop up.

*. Found : 12 April 2015
*. Reported : 14 April 2015
*. Fixed : 6 May 2015

Reward : $100 + DotMag Theme (Worth $49+)