Hey Guys! I know HTML injection is not something you wanted to read but however its an unique issue which i have found.
About the Application
This web application has different authentication process. You will have to enter your username and it will send you an magic link to your email which will have an login link.
Here is how the link looks
So something to note here is the IP ? I don’t know how it got into my head to Spoof this ip although i know this not an issue .
Steps to Reproduce
- When we login the following POST Request is made
2. So I have read some blogs where I have seen few guys bypassing rate limit using spoofing X-Forwarded-For: so i thought lets try
So I added X-Forwarded-For: google.com and in the mail I got my Ip as google.com so next i wanted to try HTML injection
I made the following request
So as you can see i have added a X-Forwarded-For: <h1>Pratik Attacker</h1> so i was expecting Pratik Attacker in h1 at my email .
So as expected . You can see in the screenshot my IP address is displayed as Pratik Attacker as H1 which clearly prooves that the site was vulnerable to html injection
So what next
I added X-Forwarded-For :- <a href=”attacker.com”><h1><font color=”red”>Please click here to login to your account<h1></font></a> in the post request and as expected
I quickly created a report and I reported this to the CEO on Telegram so instantly he messaged me that he has individually fixed the bug in just 2 Minutes and rewarded me 250$ for this vulnerability.
As you can see he just fixed this issue in 2 Minutes >I really appreciate his dedication for his product.