CVE-2020-35698
Thinkific Online Course Creation Platform 1.0 is affected by: Cross-Site Scripting (XSS).
Discovered by: Rohit Gautam
Reference: https://portswigger.net/web-security/cross-site-scripting
What is XSS?
Cross-Site Scripting (XSS) is a web application vulnerability that occurs when an attacker injects malicious scripts into a trusted website. These scripts can be written in various scripting languages, such as JavaScript, and are executed by unsuspecting users’ browsers. XSS attacks can have a range of negative consequences, including stealing sensitive user information, hijacking user sessions, or defacing websites.
Bug Description:
To exploit the vulnerability, the victim only has to visit the link https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E and the XSS will be triggered.
Steps to Reproduce:
Step 1: Go to Google.com
Step 2: Search for this dork: site:thinkific.com -www
Step 3: You will get a list of websites that are running on the Thinkific domains.
Step 4: Create an account and sign in to any of the websites.
Step 5: Add this endpoint at the end of the domain and you will see an XSS alert: /account/billing?success=%E2%80%AA<script>alert(1)</script>
Step 6: Choose any domain from the Google results; this exploit will work on all of the websites, as it is a code-based flaw in the CMS.
Step 7: Thousands of websites are vulnerable because of this vulnerable code in the CMS itself, which gives rise to the XSS attack.
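The fix for this class of bug, as an added example that is not part of the original write-up and is not Thinkific's code: the success value from the URL in the bug description is decoded and rendered by a hypothetical handler, first by raw concatenation and then with HTML output encoding. The function names and the "flash" markup are assumptions made for illustration.

```javascript
// Added example: hypothetical rendering code, not Thinkific's implementation.
// REPORTED_URL is the link quoted in the bug description.
const REPORTED_URL =
  "https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E";

// Return the percent-decoded `success` query parameter ("" if absent).
function successParam(url) {
  return new URL(url).searchParams.get("success") ?? "";
}

// Vulnerable pattern: the request value is concatenated into HTML as-is.
function renderUnsafe(message) {
  return `<div class="flash">${message}</div>`;
}

// Encode the characters that are significant in HTML element content
// and in quoted attribute values.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at the point of output, whatever the input was.
function renderSafe(message) {
  return `<div class="flash">${escapeHtml(message)}</div>`;
}

// Check helper: does the markup contain a live <script> start tag?
function hasScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

const value = successParam(REPORTED_URL);
// %E2%80%AA decodes to U+202A (LEFT-TO-RIGHT EMBEDDING), an invisible
// character; printing the code point makes it visible in a log.
console.log("first code point: U+" + value.codePointAt(0).toString(16).toUpperCase());
console.log("unsafe has <script>:", hasScriptTag(renderUnsafe(value)));
console.log("safe has <script>:  ", hasScriptTag(renderSafe(value)));
console.log(renderSafe(value));
```

Encoding at output neutralises the payload without depending on any input filter, so the invisible U+202A prefix makes no difference to the result.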
LinkedIn: https://www.linkedin.com/in/iamrohitg
Thank you.
Rohit Gautam.