🎨
Findings
  • Discovered Vulnerabilities
  • Finding Security Vulnerabilities in Android Applications
  • API Endpoints lead to Sensitive Information Disclosure and PII leakage of Employees
  • HTTP Dangerous Methods Enabled - P1
  • Subdomain Takeover
    • Subdomain Takeover
  • XSS
    • XSS on error page
    • Interesting XSS
  • 2FA Bypass
    • Brute-force Protection Bypass
    • Response Manipulation
  • Crazy Account Highjack
  • OAuth Misconfiguration
  • Open Redirect
    • Open Redirect >> XSS
    • Automation
Powered by GitBook
On this page

Was this helpful?

  1. XSS

XSS on error page

While I was looking for Business Logic Flaws on this target, I wondered what the response would be if I provided the wrong credentials.

When I entered the wrong credential, an error page appeared along with a message "Invalid Username/Password" The URL looked like : https://example.com/login?errorCd=views.login.email.password.required So I tampered the parameter to XSS payloads. However, the payloads were not executing.

I then tried SSTI payloads and one of them got executed. The final PoC link looked like: https://example.com/login?errorCd={{2*2}} and the error message displayed "4"

I reported it under Client Side Template Injection but later it was categorized by the triager as XSS 🤷‍♂️.

PreviousSubdomain TakeoverNextInteresting XSS

Last updated 3 years ago

Was this helpful?