XML XSS in *.yandex.ru by Accident
I will tell this story as short as possible, because I know everyone hates reading. Or do I hate writing? Who knows? Just read, because this represents my feeling.
Long time ago in Bethlehem~ , no no no, this is not a song. Enough, time to get serious.
I was just surfing the internet about some SEO and I came across this site when I surfed deeper :( no I'm not, it was just by accident. Okay, let's go.
I saw a request like this in my Burp history and went to Repeater to test something-something good :D xixixi.
First try: I tried to insert a payload like this, <script>alert()</script>, but we can see our payload can't escape that tag in the XML.
Second try: I tried to escape with this payload, "><script>alert()</script>, to break out of the tag. But . . . this happened
Because this is XML, I tried to rewrite the XML with this payload
Because the payload has a line break and some spaces, and we have to put it into a GET request, we have to URL-encode the payload to make a valid request to the server.
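As an added example (not from the original post, which shows its payloads only in screenshots), here is the server-side view of the bug described above: a handler that splices a query parameter straight into an XML response, next to two versions that escape it. The endpoint shape, function names and the sample input are constructed for illustration.

```python
# Added example: reflecting untrusted input into an XML response.
# The unsafe builder is the pattern behind the bug in this write-up; the
# hardened builders keep the input as data instead of markup.
from xml.sax.saxutils import escape, quoteattr
import xml.etree.ElementTree as ET


def build_xml_unsafe(query: str) -> str:
    """Vulnerable: the parameter is concatenated into the document as-is,
    so quotes, angle brackets and newlines in it rewrite the XML itself."""
    return f'<?xml version="1.0"?><response><query value="{query}">{query}</query></response>'


def build_xml_safe(query: str) -> str:
    """Hardened: escape text content and quote attribute values.
    quoteattr() also encodes newlines as &#10; so they survive attribute
    normalisation when the document is parsed."""
    return (
        '<?xml version="1.0"?>'
        f'<response><query value={quoteattr(query)}>{escape(query)}</query></response>'
    )


def build_xml_etree(query: str) -> str:
    """Preferred: let the XML library serialise, so escaping is never forgotten."""
    root = ET.Element("response")
    q = ET.SubElement(root, "query", value=query)
    q.text = query
    return ET.tostring(root, encoding="unicode")


def reflected_intact(xml_doc: str, expected: str) -> bool:
    """True only if the document is well-formed and the parameter came back
    as plain text/attribute data, with no extra elements injected."""
    try:
        root = ET.fromstring(xml_doc)
    except ET.ParseError:
        return False
    q = root.find("query")
    return (
        q is not None
        and len(list(root)) == 1 and len(list(q)) == 0
        and q.text == expected
        and q.get("value") == expected
    )


# Constructed sample input: the tag-breaking probe from the write-up plus a
# line break and spaces, the characters that forced URL-encoding in the GET.
SAMPLE_INPUT = '"><script>alert()</script>\n  <x/>'
```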
And boom …
And for the final touch, we should make sure this payload will show us a popup in the browser. I tried to pop up my cookies in the browser and .. .. .. Boom
No meme today :( I'm sorry