I was going around hunting and penetrating websites trying to get a few more bucks to save in my pocket which I later use to pay my college fees when I came across this wonderful vulnerability in Oracle Netsuite.
Most sites actually try to secure the search bar more as they are well aware that it is always the target of attackers for finding reflected xss.
I simply starting using the search bar of netsuite typing simple payloads. That’s when I remembered a type of reflected xss vulnerabilty using access keys. In my case if the victim pressed alt+shift+X , the XSS will fire.
The vulnerable link was something like this — http://search.netsuite.com/socialsearch/query?cc=www&cn=netsuite&attrFilter=xlmav%22accesskey%3d%22x%22onclick%3d%22alert(document.domain)%22%2f%2fwzraf&q=k+hj+jh+j&submit=
Now when the victim recieves the link and does a simple alt+shift+X ; xss gets triggered at search.netsuite.com (WOHOOO!)
The security team was very fast to mitigate the issue and immediately removed the search functionality . The bug was fixed within a week.
But I wonder why they asked me to delete the unlisted video POC ? Were they afraid of bug getting disclosed? God knows! Happy that the issue is resolved now.
We need pudding after dinner;so is the case where we need POC for each bug. So here I am giving the unlisted video POC for all enthusiasts.
PLese don’t forget to clap the story and follow me on twitter. https://twitter.com/CircleNinja
PS- Please comment if you need to become a writer for this publication and I will add you.
Say me HI at firstname.lastname@example.org
THANKS A LOT for stopping by!