Hi, this is Thejus Krishnan. This article is about my recent finding of an ASUS web application vulnerability: the site was affected by cross-site scripting (XSS).

While I was searching for an Asus product, I accidentally found a subdomain, https://press.asus.com.

URL: https://press.asus.com/search?search=. Here I tried XSS.

When I submitted the payload dvs9c"><script>alert('hello')</script>jnyf0 in the search parameter, BOOM! I got XSS.

Vulnerable URL: https://press.asus.com/search.php?search=Triodvs9c"><script>alert("hello")</script>jnyf0

A few weeks after I reported this issue to the Asus security team, I got a reply from the Asus team that the issue had been resolved.
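Added example, not part of the original write-up and not ASUS code: a hypothetical search-page renderer showing the reflection pattern that the `">` prefix of the payload points to, next to the output-encoded form that closes it. The function names and the assumption that the term is echoed into a double-quoted attribute and a heading are illustrative; the page does not show the server-side code or the actual fix.

```javascript
// Added example: hypothetical renderer, not the vendor's code.
// Assumption: the search term is echoed into a double-quoted attribute
// and into a heading, as the `">` prefix of the payload suggests.

// Vulnerable form: the raw parameter value is concatenated into markup.
function renderSearchVulnerable(term) {
  return '<input name="search" value="' + term + '">' +
         '<h2>Results for ' + term + '</h2>';
}

// Encode the five characters that can change the HTML parsing context.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened form: every reflection of the term is encoded at output time.
function renderSearchHardened(term) {
  const safe = escapeHtml(term);
  return '<input name="search" value="' + safe + '">' +
         '<h2>Results for ' + safe + '</h2>';
}

// Regression check: does the rendered page contain a live script element?
function reflectsActiveMarkup(html) {
  return /<script\b/i.test(html);
}

// The payload quoted in the article, used here as a test vector.
const payload = 'dvs9c"><script>alert(\'hello\')</script>jnyf0';

console.log('vulnerable reflects script:',
  reflectsActiveMarkup(renderSearchVulnerable(payload)));
console.log('hardened reflects script:  ',
  reflectsActiveMarkup(renderSearchHardened(payload)));
console.log(renderSearchHardened(payload));
```

A check like `reflectsActiveMarkup` fits in a regression test for every endpoint that echoes a request parameter, so the encoding cannot silently regress.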

Thanks for reading.

Security Researcher | Web Pentester | Dev
