Vulnerability Bug on Gitbook.com
This time I am sharing my experience of finding a bug in gitbook.com.
The bug resides in the input fields of the profile page, where no client-side verification happens. So I simply entered a script as the payload and holah! :) It was reflected in the website. This XSS is called a Reflected XSS, as it is obtained as a result of the server's response.
Proof of Concept:
I input a script in the username field and it got reflected! It also happened in the description field :)
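The behaviour described above, next to the fix a defender would apply, as an added example that is not GitBook's code or part of the original post: a hypothetical profile renderer that writes the username and description fields into HTML, first unencoded and then with output encoding. All function names, the username rule and the sample values are assumptions constructed for illustration.

```javascript
// Hypothetical profile renderer (added example, not GitBook's implementation).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: field values are concatenated into the markup unchanged,
// so any tag a user stores in their profile is parsed by the browser.
function renderProfileUnsafe(profile) {
  return `<h1 class="username">${profile.username}</h1>` +
         `<p class="description">${profile.description}</p>`;
}

// Hardened form: every field is HTML-encoded at output time, on the server,
// regardless of what checks ran in the browser.
function renderProfileSafe(profile) {
  return `<h1 class="username">${escapeHtml(profile.username)}</h1>` +
         `<p class="description">${escapeHtml(profile.description)}</p>`;
}

// Defence in depth: a server-side allow-list for the username.
// The character set and length limit are assumed values.
function validateUsername(username) {
  return typeof username === 'string' && /^[A-Za-z0-9_-]{1,39}$/.test(username);
}

// Constructed sample input standing in for the fields named in the post.
const sample = {
  username: '<script>alert(1)</script>',
  description: '"><img src=x onerror=alert(1)>',
};

function demo() {
  return {
    unsafe: renderProfileUnsafe(sample),
    safe: renderProfileSafe(sample),
    usernameAccepted: validateUsername(sample.username),
  };
}

console.log(demo());
```

The encoded output displays the submitted text literally instead of handing it to the HTML parser, and the allow-list rejects the value before it is stored.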