ONEPLUS XSS vulnerability in Customer Support Portal

Mainak Sadhukhan
Sep 24 · 1 min read

Here is how XSS was detected on the site of the giant mobile company OnePlus. Though I was not the first one to detect and report the vulnerability, this might give you an idea of where such vulnerabilities may be present and will help in manual hunting.

1. First, log in to your OnePlus account (https://www.oneplus.com).

2. Then, navigate to Support → Contact Us → Chat with Us.

3. Fill in the email ID, name, phone number and issue details, and proceed to the chat window.

Alternatively, you can navigate directly to the Customer Support Portal using this link to start a chat as an anonymous user:

https://onepluscare.custhelp.com/app/chat/chat_landing

4. In the chat window, in the text input field, type any one of the following payloads (JS code):

<img src=xss onerror=alert(1)>

<img src=x onerror=prompt(document.cookie)>

5. Boom, an alert pops up, which indicates that the client-side browser is executing the JavaScript code; attackers can exploit this to steal cookies and much more.

Whatever we type in the chat window is reflected in the browser, which means reflected XSS may be present, and the first thing one must check is the source code of the response page. If the input is not properly filtered, it is very easy to craft a payload for reflected XSS.
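The source-code check described above, together with the fix, as an added example that is not from the original post and is not the portal's real code. All function names and the chat markup are hypothetical; the test inputs are the two payloads already shown in step 4.

```javascript
// Added example: constructed chat renderers, not the support portal's code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters (element and quoted-attribute context).
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: the visitor's message is concatenated into markup as-is.
function renderMessageUnsafe(sender, message) {
  return '<div class="chat-msg"><b>' + sender + '</b>: ' + message + '</div>';
}

// Hardened pattern: every untrusted field is encoded before it reaches markup.
function renderMessageSafe(sender, message) {
  return '<div class="chat-msg"><b>' + escapeHtml(sender) + '</b>: ' +
    escapeHtml(message) + '</div>';
}

// The response-source check: how did the page reflect what was typed?
//   "raw"          - markup characters survived, so the browser will parse them
//   "encoded"      - input came back as inert text
//   "inconclusive" - input had no markup characters, so nothing was tested
//   "absent"       - input is not reflected at all
function classifyReflection(responseHtml, input) {
  const hasMarkup = /[<>"'&]/.test(input);
  if (!hasMarkup) return responseHtml.includes(input) ? 'inconclusive' : 'absent';
  if (responseHtml.includes(input)) return 'raw';
  if (responseHtml.includes(escapeHtml(input))) return 'encoded';
  return 'absent';
}

// Run both payloads from the write-up through a renderer and report each result.
const PAYLOADS = [
  '<img src=xss onerror=alert(1)>',
  '<img src=x onerror=prompt(document.cookie)>',
];
function auditRenderer(render) {
  return PAYLOADS.map((p) => classifyReflection(render('Guest', p), p));
}

console.log('unsafe renderer:', auditRenderer(renderMessageUnsafe));
console.log('safe renderer:  ', auditRenderer(renderMessageSafe));
```

In a browser, assigning the message through `textContent` rather than `innerHTML` gives the same result without manual encoding.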

Here is the Video POC.

Thanks for reading, and please also subscribe to my YouTube channel.
