
Interesting XSS

Simple payload | complex exploit

While testing the signup functionality, I tried to pass XSS payloads in the "First name" and "Last name" fields. However, the filtering was very effective and didn't allow me to enter special characters at all.

Next I tried the same fields in their Android application. I entered "><script>alert(1)</script> in both "First name" and "Last name". The input was accepted and I could sign up.

But nowhere in the mobile application did the payload execute. So I went back to the web app and logged in with the account I had created on the Android app. The payload still did not execute, not even on the profile page. Even if it had, it would only have counted as self-XSS, because it would fire solely on authenticated endpoints of my own account.

Then I started thinking about how my user data is consumed outside the app, and after a while it occurred to me that the site probably exposes it through its APIs. So I went to https://api.target.com and boom💥 the alert box popped up right away.

The impact here is that whenever that user data is fetched through the API and rendered externally, the XSS executes on the external system. I explained the impact and the report was accepted as valid. ✨

PS: I could have used blind XSS payloads pointing at my own server to escalate the impact, but back then I didn't know as much. 😅

Last updated 3 years ago