I Found Reflected XSS in Javatpoint
Hello viewers, I hope you are all safe and secure at home.
What is Reflected XSS?
Reflected XSS is an injection vulnerability in which an attacker can get malicious JavaScript code (a payload) to execute in the target web application and do something malicious, such as stealing cookies or fetching account data.
It was a coincidence that I was able to find reflected XSS in Javatpoint.
Javatpoint is an online learning platform where you learn about programming languages and the latest IT technologies.
I am a CS student. I follow javatpoint.com to learn programming. One day I was learning Java from Javatpoint. There is an online compiler attached there to compile programs. I tried to compile my program, and then I saw a parameter in the URL bar that takes a value. Then I started testing the site, and some time later I found reflected XSS in it.
Steps to Reproduce:
- Go to the “Vulnerable URL”
- Intercept this request using Burp Suite
- Send it to Repeater
- I change the value of the parameter “parameter=value” and click Send to get the response
- I see the “value” is reflected in the background
- Again, I change the value of the parameter to “</title><script>alert(1)</script>”
- After clicking the Send button, I see the response header is 200 OK
- Copy this request and paste it into the browser
- I see a popup box appear
Payload: “</title><script>alert(1)</script>”
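Why this payload works and how the reflection is closed, as an added example that is not part of the original write-up and is not Javatpoint's code. It assumes, from the `</title>` prefix of the payload, that the parameter is written into the page's `<title>` element; the template and function names are hypothetical.

```javascript
// Added example: constructed template, not the site's real code.

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the query parameter is concatenated into <title> as-is.
function renderUnsafe(param) {
  return `<!doctype html><html><head><title>${param}</title></head>` +
         `<body>Online compiler</body></html>`;
}

// Hardened pattern: same template, value encoded for the HTML text context.
function renderSafe(param) {
  return `<!doctype html><html><head><title>${escapeHtml(param)}</title></head>` +
         `<body>Online compiler</body></html>`;
}

// What ends up as the title: everything up to the FIRST </title>,
// which is where the element stops when the input supplies its own closing tag.
function parsedTitle(html) {
  const m = /<title>([\s\S]*?)<\/title>/i.exec(html);
  return m ? m[1] : null;
}

// Regression check: number of <script> start tags present in the response.
// The template itself contains none, so any hit came from the reflected value.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// The payload from the write-up, used here as a test input for the check.
const probe = '</title><script>alert(1)</script>';

for (const [name, render] of [['unsafe', renderUnsafe], ['safe', renderSafe]]) {
  const html = render(probe);
  console.log(name, {
    title: parsedTitle(html),
    scriptTags: countScriptTags(html),
  });
}
```

In the unsafe output the title is empty and one script tag follows it; in the safe output the whole value stays inside the title as text and no script tag exists.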
Reporting:
17 October 2021 - Reported to the security team
They didn’t send back any response
But I didn’t give up...
Connect with me for the latest reports or updates in bug bounty
https://twitter.com/Subhadeep_2001