Vulnerability Bug on Gitbook.com

Hello All,

This time I am sharing my experience of finding a bug in gitbook.com.

The bug resides in the input fields of the profile pages, where no client-side validation is performed. So I simply entered a script payload and, voilà :), it was reflected in the website. This XSS is called a reflected XSS because the payload comes back in the server's response.

Proof of Concept:

I entered a script in the username field and it got reflected! The same also happened in the description field :)

Proof of Concept screenshots:

Screenshot 1: Injecting a payload
Screenshot 2: Reflected page
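To make the fix concrete, here is an added example (not GitBook's code) of a profile-page renderer in the unsafe shape described above, next to a hardened version that HTML-escapes the username and description before they are placed in the page. The function names and the sample profile are constructed for illustration.

```javascript
// Added example (not GitBook's code): a minimal profile-page renderer showing
// the unsafe pattern described above next to its hardened form.
// Assumed: the server builds profile HTML from user-supplied username and
// description fields; all names below are hypothetical.

// HTML-escape the five characters that can break out of text content or a
// quoted attribute value. Output is safe for text nodes and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: user input is concatenated straight into the markup, so a tag
// typed into the username or description field becomes live HTML.
function renderProfileUnsafe(profile) {
  return `<h1 class="user">${profile.username}</h1>` +
         `<p class="bio">${profile.description}</p>`;
}

// Hardened: every interpolated value goes through escapeHtml first, so the
// browser renders the input as text rather than as markup.
function renderProfileSafe(profile) {
  return `<h1 class="user">${escapeHtml(profile.username)}</h1>` +
         `<p class="bio">${escapeHtml(profile.description)}</p>`;
}

// Regression check: does the rendered page still contain, unescaped, the
// first tag that appeared in the user-supplied input?
function containsRawTag(html, input) {
  const tag = input.match(/<[a-zA-Z][^>]*>/);
  return tag !== null && html.includes(tag[0]);
}

// Constructed sample input, modelled on the report above.
const sample = {
  username: '<script>alert(1)</script>',
  description: 'hello "world" <b>bold</b>',
};

console.log('unsafe:', renderProfileUnsafe(sample));
console.log('safe:  ', renderProfileSafe(sample));
```

Escaping at output time is the fix that holds regardless of any client-side check, since the client-side validation the post mentions is trivially skipped by sending the request directly.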