Reflected XSS on Stack Overflow

newp_th
Apr 27, 2018 · 2 min read

This is @newp_th. Today I want to share with you a reflected XSS which I found in Stack Overflow.

While I was testing another domain and spidering it in Burp Suite, I checked the Issues tab to see whether anything had popped up. Suddenly I saw that Stack Overflow was vulnerable to XSS (I was using the Reflector extension, https://github.com/elkokc/reflector). So I decided to test that Stack Overflow domain.

Reflector extension:

This Burp Suite extension finds reflected XSS on a page in real time while you browse a web site, and includes features such as:

Highlighting of the reflection in the Response tab.
Testing which symbols are allowed in the reflection.
Analysis of the reflection context.
Content-Type whitelist.

While going through the Stack Overflow domain, I noticed a vulnerable parameter in the Cookie header! I put a simple payload, "></script><img src=x onerror=alert(1)>, into the prov parameter.

Request (screenshot)

After checking the response in IE, I got the XSS popup!
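As an added illustration (not code from this write-up or from Stack Overflow), the block below uses a constructed stand-in for a page that writes the prov cookie value straight into an inline script block, puts the hardened rendering beside it, and runs a symbol probe in the spirit of the Reflector extension's "which symbols are reflected" test. The template, the function names and the zxq7 marker are assumptions.

```python
import json

# Constructed stand-in for the vulnerable page: the `prov` cookie value is
# interpolated into an inline <script> block with no encoding at all.
def render_unsafe(prov: str) -> str:
    return f'<script>var prov = "{prov}";</script><p>Hello</p>'

# Hardened form: serialise as a JSON string literal, then also escape the
# characters that could terminate the <script> element or start an entity,
# so no cookie value can close </script> or escape the JS string literal.
def js_string_literal(value: str) -> str:
    encoded = json.dumps(value)          # quotes, backslashes, controls
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))

def render_safe(prov: str) -> str:
    return f'<script>var prov = {js_string_literal(prov)};</script><p>Hello</p>'

# Probe like the Reflector extension's symbol test: wrap each symbol of
# interest in a marker and report which ones come back unencoded.
PROBE_SYMBOLS = ['"', "'", "<", ">", "/", "&"]

def reflected_symbols(render, marker: str = "zxq7") -> list:
    found = []
    for sym in PROBE_SYMBOLS:
        probe = marker + sym + marker
        if probe in render(probe):
            found.append(sym)
    return found   # for render_safe only ' and / survive, harmless inside "..."

# The payload from the write-up; it needs `"` and `</script>` to survive.
PAYLOAD = '"></script><img src=x onerror=alert(1)>'

def breaks_out(render) -> bool:
    """True when the payload lands in the response byte-for-byte."""
    return PAYLOAD in render(PAYLOAD)

if __name__ == "__main__":
    print("unsafe reflects:", reflected_symbols(render_unsafe), breaks_out(render_unsafe))
    print("safe   reflects:", reflected_symbols(render_safe), breaks_out(render_safe))
```

The defender-side check is reflected_symbols: if a double quote, angle bracket or slash comes back unchanged from a script-context reflection, the template needs the js_string_literal treatment (or a framework equivalent) before it ships.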


Note:
Dedicated to my friend Renjith (https://ae.linkedin.com/in/renjith-tc-bb9b40a1). I greatly appreciate the time you have taken to share your knowledge with me.

HOF (Hall of Fame) on the way!


Timeline
Feb 14th - Report submitted
Feb 19th - Triaged
April 3rd - Fixed
