Hi, this is Thejus Krishnan. This article is about my recent finding of an ASUS web application vulnerability: cross-site scripting (XSS).
When I was searching for an Asus product, I accidentally found a subdomain, https://press.asus.com.
URL: https://press.asus.com/search?search=. Here I tried XSS.
When I submitted the payload dvs9c"><script>alert('hello')</script>jnyf0 in the search parameter, BOOM..! I got XSS.
Vulnerable URL: https://press.asus.com/search.php?search=Triodvs9c"><script>alert("hello")</script>jnyf0
A few weeks after reporting this issue to the Asus Security Team, I got a reply from the Asus team that the issue has been resolved.
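The `">` at the start of the test string suggests the search term was reflected inside a quoted HTML attribute. The sketch below is an added example, not code from ASUS or from the original write-up: it renders a hypothetical search page with and without output encoding and uses an HTML parser to show what a browser-like parser sees in each case. The function names and the page markup are assumptions.

```python
import html
from html.parser import HTMLParser

# The test string from the write-up, with straight quotes.
PAYLOAD = "dvs9c\"><script>alert('hello')</script>jnyf0"

def render_unsafe(term: str) -> str:
    """Vulnerable pattern: raw query value concatenated into the markup."""
    return (f'<input name="search" value="{term}">'
            f"<p>Results for {term}</p>")

def render_safe(term: str) -> str:
    """Hardened pattern: encode on output; quote=True also escapes " and '."""
    enc = html.escape(term, quote=True)
    return (f'<input name="search" value="{enc}">'
            f"<p>Results for {enc}</p>")

class _Inspector(HTMLParser):
    """Records what a parser sees: element names and the input's value."""
    def __init__(self):
        super().__init__()
        self.tags, self.value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.value = dict(attrs).get("value")

def inspect(markup: str):
    """Return (number of <script> elements parsed, value attribute of <input>)."""
    p = _Inspector()
    p.feed(markup)
    p.close()
    return p.tags.count("script"), p.value

if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        scripts, value = inspect(render(PAYLOAD))
        print(f"{name:6} script elements={scripts} input value={value!r}")
```

In the unsafe rendering the quote ends the attribute early and the parser sees real script elements; in the encoded rendering the whole string stays inside the `value` attribute as text.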
Thanks for reading.