CVE-2020-35698

Rohit Gautam
Jul 17, 2023

Thinkific Online Course Creation Platform 1.0 is affected by: Cross-Site Scripting (XSS).

Discovered by: Rohit Gautam

Reference: https://portswigger.net/web-security/cross-site-scripting

What is XSS?

Cross-Site Scripting (XSS) is a web application vulnerability that occurs when an attacker injects malicious scripts into a trusted website. These scripts can be written in various scripting languages, such as JavaScript, and are executed by unsuspecting users’ browsers. XSS attacks can have a range of negative consequences, including stealing sensitive user information, hijacking user sessions, or defacing websites.

Bug Description:

To exploit the vulnerability, the victim only has to visit the link https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E and the XSS will be triggered.

Steps to Reproduce:

Step 1: Go to Google.com

Step 2: Search for this dork: site:thinkific.com -www

Step 3: You will get a list of websites that are running on the Thinkific domains.

Step 4: Create an account and sign in to any of the websites.

Step 5: Add this endpoint at the end of the domain, and you will see an XSS alert: /account/billing?success=%E2%80%AA<script>alert(1)</script>

Step 6: Choose any domain from the Google results; this exploit will work on all the websites, as it is a code-based flaw in the CMS.

Step 7: Thousands of websites are vulnerable due to this vulnerable code in the CMS itself, which gives rise to the XSS attack.
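
The flaw described above is a query parameter reflected into the page without output encoding. The following is an added example, not Thinkific's code and not part of the original write-up: it contrasts a hypothetical vulnerable renderer for the success parameter with two fixes, using the URL from the bug description as input. The function names, the markup and the notice text are assumptions.

```javascript
// Added example: NOT Thinkific's code. Hypothetical handlers that turn the
// `success` query parameter of /account/billing into a notice on the page.

// Encode the characters that are significant in HTML element and attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable (hypothetical): the decoded parameter is concatenated into markup as-is.
function renderBillingNoticeVulnerable(url) {
  const success = new URL(url).searchParams.get('success') ?? '';
  return `<div class="notice">${success}</div>`;
}

// Fix 1: same behaviour, but the reflected value is encoded for the HTML context.
function renderBillingNoticeHardened(url) {
  const success = new URL(url).searchParams.get('success') ?? '';
  return `<div class="notice">${escapeHtml(success)}</div>`;
}

// Fix 2: never reflect the value; use it only as a key into fixed messages (constructed list).
const NOTICES = new Map([['true', 'Your billing details were updated.']]);
function renderBillingNoticeAllowlist(url) {
  const key = new URL(url).searchParams.get('success') ?? '';
  const text = NOTICES.get(key) ?? '';
  return text ? `<div class="notice">${escapeHtml(text)}</div>` : '';
}

// True if the rendered markup still contains a live <script> tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The URL from the bug description; %E2%80%AA decodes to U+202A, which is kept as plain text.
const reportedUrl =
  'https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E';

console.log('vulnerable reflects script:', containsScriptTag(renderBillingNoticeVulnerable(reportedUrl)));
console.log('hardened reflects script:  ', containsScriptTag(renderBillingNoticeHardened(reportedUrl)));
console.log('allowlist output:          ', JSON.stringify(renderBillingNoticeAllowlist(reportedUrl)));
```
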

LinkedIn: https://www.linkedin.com/in/iamrohitg

Thank you.
Rohit Gautam.
