HTML Injection (Unique Exploitation)

Hey Guys! I know HTML injection is not something you wanted to read about, but it's a unique issue that I found.

About the Application

This web application has a different authentication process. You enter your username and it sends a magic link to your email, which contains the login link.

Here is how the link looks:

[Screenshot of the login email]

Something to note here is the IP address. I don't know how it got into my head to spoof this IP, although I knew that by itself is not an issue.

Steps to Reproduce

1. When we log in, the following POST request is made:

[Screenshot of the login POST request]

2. I have read some blogs where I saw a few people bypassing rate limits by spoofing X-Forwarded-For, so I thought, let's try it.

So I added X-Forwarded-For: google.com, and in the mail my IP was shown as google.com. Next I wanted to try HTML injection.

I made the following request:

[Screenshot of the POST request with the modified X-Forwarded-For header]

As you can see, I added X-Forwarded-For: <h1>Pratik Attacker</h1>, so I was expecting "Pratik Attacker" in an h1 in my email.

And as expected: you can see in the screenshot that my IP address is displayed as "Pratik Attacker" in an H1, which clearly proves that the site was vulnerable to HTML injection.

[Screenshot of the email with the injected H1]

So what next?

I added X-Forwarded-For: <a href="attacker.com"><h1><font color="red">Please click here to login to your account</font></h1></a> in the POST request, and as expected
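The root cause is that the application copied the X-Forwarded-For header, which any client can set, straight into an HTML email without validating it as an IP address or escaping it. The following is an added example, not code from the original post or from the affected application: it models the vulnerable rendering beside a fixed version that only trusts X-Forwarded-For behind a known proxy, requires every hop to parse as an IP, and HTML-escapes whatever it interpolates, plus a small helper for spotting non-IP header values in access logs. The mail template, the trusted-proxy list and the sample header values are constructed for illustration.

```python
import html
import ipaddress
from string import Template

# Constructed sample values (not from the original post), modelled on the
# headers the write-up describes: a spoofed X-Forwarded-For carrying HTML.
SAMPLE_REMOTE_ADDR = "203.0.113.10"
SAMPLE_XFF_BENIGN = "198.51.100.7, 10.0.0.1"
SAMPLE_XFF_HTML = '<a href="attacker.example"><h1>Please click here to login</h1></a>'

# Hypothetical login-mail template; the real application's template is unknown.
MAIL_TEMPLATE = Template(
    "<p>A login was requested from IP address: $ip</p>"
    '<p><a href="$link">Log in</a></p>'
)


def render_login_mail_vulnerable(xff, link):
    """'Before' behaviour: the raw header value lands in the HTML mail body."""
    return MAIL_TEMPLATE.substitute(ip=xff, link=link)


def client_ip(remote_addr, xff, trusted_proxies=()):
    """Pick the client IP to show the user.

    X-Forwarded-For is only honoured when the TCP peer is a known proxy;
    every comma-separated hop must parse as an IP address, and the rightmost
    hop that is not itself a trusted proxy is used (the leftmost hop is fully
    attacker-controlled). Anything that fails validation falls back to the
    TCP peer address, so HTML in the header never reaches the template.
    """
    if remote_addr not in trusted_proxies:
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    try:
        addrs = [ipaddress.ip_address(h) for h in hops]
    except ValueError:
        return remote_addr  # header is garbage or HTML: ignore it entirely
    for addr in reversed(addrs):
        if str(addr) not in trusted_proxies:
            return str(addr)
    return remote_addr


def render_login_mail_fixed(remote_addr, xff, link, trusted_proxies=()):
    """'After' behaviour: validate the IP, then escape everything interpolated."""
    ip = client_ip(remote_addr, xff, trusted_proxies)
    return MAIL_TEMPLATE.substitute(
        ip=html.escape(ip, quote=True),
        link=html.escape(link, quote=True),
    )


def looks_injected(xff):
    """Log-review helper: True when an X-Forwarded-For value contains anything
    that is not a comma-separated list of IP addresses."""
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    try:
        for h in hops:
            ipaddress.ip_address(h)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    link = "https://app.example/magic?token=PLACEHOLDER"
    print(render_login_mail_vulnerable(SAMPLE_XFF_HTML, link))
    print(render_login_mail_fixed("10.0.0.1", SAMPLE_XFF_HTML, link,
                                  trusted_proxies=("10.0.0.1",)))
    print(client_ip("10.0.0.1", SAMPLE_XFF_BENIGN, trusted_proxies=("10.0.0.1",)))
    print(looks_injected(SAMPLE_XFF_HTML), looks_injected(SAMPLE_XFF_BENIGN))
```

Escaping alone would have stopped the rendered link, but validating the header as an IP address is what makes the displayed value meaningful: once the value is known to be an IP, there is nothing left for an attacker to format, and any request whose header fails that check is worth logging as an attempted injection.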

Disclosure

I quickly created a report and reported this to the CEO on Telegram. He instantly messaged me that he had personally fixed the bug in just 2 minutes, and rewarded me $250 for this vulnerability.

[Screenshot of the Telegram conversation]

As you can see, he fixed this issue in just 2 minutes. I really appreciate his dedication to his product.

Thanks
Best Regards

Pratik Yadav

https://twitter.com/@PratikY9967

Written by

Student :) also a Full time Security engineer at cryptoexchange:)
