Persistent Cross-Site Scripting on redacted worth $2,000
This is my second write-up, but this time again I am not sharing a technical one. In this report, you will see how a single user of a redacted ORG can affect each and every member of the ORG, including admins, through an XSS vulnerability. The target website was a CRM.
I reported this vulnerability to redacted 3 years ago and was rewarded $2000. I will share some technical vulnerabilities very soon :)
So I got an invitation on HackerOne to pentest redacted web services, and I started pentesting. I was looking for XSS because, as you all know, a CRM is based on users and admins. If a user-initiated XSS attack affects admins and all users, that is a high-level Cross-Site Scripting issue. So I was looking for a Cross-Site Scripting vulnerability that could be initiated by a user.
How did I find Persistent Cross-Site Scripting on redacted?
I went to the Library functionality of redacted and created a library with an XSS payload like "><script>alert(1)</script>#"><img src="x" onerror=prompt(1);> but had no luck. I tried multiple payloads in every field, but every time the response was in plaintext.
I was moving on to the next functionality of redacted because I was not able to bypass the XSS filter. At the same time, I saw the Tags options in Libraries, where we can create custom tags. I created a custom tag with the <img src xss> payload and boom!
BOOM ….. BOOOOM …..BOOOOOOOOOOOOOM !!!!
The XSS triggered successfully, and this attack is initiated by a user and can affect all admins and all users of the ORG.
So redacted rewarded me $1500 and a $500 bonus; my report was also selected as one of the best reports of August and rewarded a $500 bonus!
Redacted fixed this vulnerability very quickly and rewarded me a bounty.
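Added example, not from the original report or from the vendor's code: the report describes library fields that came back as plain text while custom tag names were rendered as HTML. The JavaScript below reproduces that inconsistency in a hypothetical renderer and contrasts it with a template helper that encodes every interpolated value by default, so a newly added field such as a tag name cannot be forgotten. All function names and the sample record are constructed for illustration.

```javascript
// Escape the five characters that matter in HTML text and quoted attributes.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (v) => String(v).replace(/[&<>"']/g, (c) => ESC[c]);

// Marker for fragments already produced by html``, so they are not escaped twice.
class Safe {
  constructor(s) { this.s = s; }
  toString() { return this.s; }
}

// Tagged template: every interpolated value is escaped unless it is a Safe fragment.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    const parts = Array.isArray(v) ? v : [v];
    out += parts.map((p) => (p instanceof Safe ? p.s : escapeHtml(p))).join('') + strings[i + 1];
  });
  return new Safe(out);
}

// Inconsistent encoding (hypothetical): the library name is escaped by hand,
// but the tag names are concatenated into the markup as-is.
function renderLibraryVulnerable(lib) {
  const tags = lib.tags.map((t) => `<span class="tag">${t}</span>`).join('');
  return `<div class="library"><h2>${escapeHtml(lib.name)}</h2>${tags}</div>`;
}

// Hardened: no field reaches the markup without passing through html``.
function renderLibraryHardened(lib) {
  const tags = lib.tags.map((t) => html`<span class="tag">${t}</span>`);
  return html`<div class="library"><h2>${lib.name}</h2>${tags}</div>`.toString();
}

// Constructed sample record reusing the test strings quoted in the write-up.
const sample = { name: '"><script>alert(1)</script>', tags: ['<img src xss>', 'sales'] };

console.log(renderLibraryVulnerable(sample));
console.log(renderLibraryHardened(sample));
```

Because tag names are shown to every member of the ORG, the unencoded path in the first renderer is what turns one user's input into markup in every other user's and admin's page.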
Thanks a lot for reading my report :)