I Find Reflected Xss in Javatpoint

Hello viewers, i hope you all guys are safe & cure in your house

What is Reflected Xss ?

Reflected Xss is a Injection attack or vulnerability where attacker can try to execute malicious javascript code or payload into target web application & do something malicious like cookie stealing, fetch accounts data etc.

This is a co-incident, that i will able able to hunt Reflacted Xss in javatpoint.

Javatpoint is the online learning platform where you learn about programming languages & latest IT technologies.

I am a CS student. I follow javatpoint.com to learning progrmming.One day i will learning java from javatpoint.There are online compiler attached here to complie programms.I will try to complie my program then i see a parameter in the url bar which get a value. Then i start testing on this site,sometime letter i will found Reflacted Xss in this site.

Steps To Reproduce:

1. Goto “Vulnurable Url" this url
2. Intercept this request using Burpsuite
3. Send it to Repeater
4. I change the value of parameter “parameter=value” Click Send to get Response
5. I see the “value” is reflaceted in background
6. Again, i change the value of parameter of “</title><script>alert(1)</script>”
7. After clicking Send Button i see the response header is 200 Ok
8. Copy this Request & Paste it into Browser
9. I see a popup box appeared

Payload: “</title><script>alert(1)</script>”

Proof of Concept (POC)

Repoting:

17 October 2021- Report to Security Team

They didn’t get back any response

But I didn’t give up………..

Connect with me to latest Reports or Updates in Bug Bounty

https://twitter.com/Subhadeep_2001

www.linkedin.com/in/subhadeep-kundu-2001

https://www.facebook.com/subhadeep.kundu.397/