Reflected XSS In AT&T [ $50 ]

Hi today. I want to share how i found xss in AT&T.
I find subdomain using google dork.


and watch all subdomain

When visit to

It redirect to

& i check view source.I notice in js variable jsloginUrl


var jsuserName = '';
var jsloginUrl = '';

That is input value of loginUrl param.I try to inject and i see in viewsource.'"></;

var jsuserName = '';
var jsloginUrl = ''"></;';

It ok

Try to inject xss payload';alert(document.domain);x='

The payload is successfully injected to webpage

var jsuserName = '';
var jsloginUrl = 'x';alert(document.domain);x='';

I got alert.

I report to AT&T via hackerone.After 4 months ….. Bug is resolved.

I am not good in english but i try hard to understand what i write.See you in next bounty writeup

Thanks for reading

Edit . I got $50 award.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store