Reflected cross-site scripting in login page

Disclosed by KD
  • Engagement: Opera Public Bug Bounty
  • Disclosed date: over 4 years ago
  • Points: 10
  • Priority: P3 (Bugcrowd's VRT priority rating)
  • Status: Informational (This vulnerability is seen as an accepted business risk)
Summary by KD

One of Opera's endpoints is vulnerable to an injection vulnerability, namely a reflected injection of JavaScript, also known as Reflected Cross-Site Scripting (XSS). As per OWASP's definition: "Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites."
This happens when we log in: there is a parameter (path, which is vulnerable to cross-site scripting and open redirect) that does not properly sanitize/escape user input, allowing injection to occur.

Report details
  • Submitted

  • Target Location

    *.yoyogames.com
  • Target category

    API Testing

  • VRT

    Cross-Site Scripting (XSS) > Reflected > Non-Self
  • Priority

    P3
  • Bug URL
    https://accountsstage.yoyogames.com/login
  • Description

    Hello,

    I found that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running malicious scripts in a victim’s browser.

    Steps:

    1) Send this link to any user https://accountsstage.yoyogames.com/login?path=javascript:alert(%27KD%27)
    2) Now, when the user opens his account, an XSS alert will pop up
    Xss_opera.png

    Impact:

    We can see it is vulnerable to XSS. Once exploited, it is possible to steal or manipulate a legitimate user’s session credentials, including session cookies.

    Thanks,
    KD :)
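
A defensive check for the kind of `path` parameter this report describes, as an added example that is not part of the original report or the application's code: it accepts only same-origin relative paths, so a `javascript:` URL or an off-site URL falls back to a default. `APP_ORIGIN`, `safeRedirectPath` and `redirectAfterLogin` are hypothetical names, and the sketch assumes `path` is used as the navigation target after login.

```javascript
// Added example: allow-list validation for a post-login redirect parameter.
// APP_ORIGIN, safeRedirectPath and redirectAfterLogin are hypothetical names.
const APP_ORIGIN = "https://accounts.example.test"; // placeholder origin

// Returns a same-origin relative path, or `fallback` if `raw` is anything else.
function safeRedirectPath(raw, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return fallback;
  }
  // Browsers strip tabs/newlines and treat "\" like "/" while parsing URLs,
  // so reject control characters and backslashes before any prefix check.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  // Exactly one leading slash: rules out "javascript:...", "https://..."
  // and protocol-relative "//host/..." values.
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;
  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }
  // Defence in depth: the resolved URL must still be on our own origin.
  if (url.origin !== APP_ORIGIN) return fallback;
  // Re-serialise from the parsed parts so only the normalised path is used.
  return url.pathname + url.search + url.hash;
}

// Extracts `path` from a login request URL and validates it.
function redirectAfterLogin(requestUrl) {
  const raw = new URL(requestUrl, APP_ORIGIN).searchParams.get("path");
  return safeRedirectPath(raw); // a missing parameter (null) yields the fallback
}
```

The validated value is safe to place in a `Location` header or assign to `location.href`; output encoding is still needed wherever the value is written into HTML.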
