logo
DATABASE RESOURCES PRICING ABOUT US

Zendesk: XSS in zendesk.com/product/

Description

Vulnerable urls: https://www.zendesk.com/product/tour/ https://www.zendesk.com/product/pricing/ or just https://www.zendesk.com/product/ Vulnerable parameter is a **cvo_sid1**, used in **live.js** to call convertro code (without sanitizing). This leads to generating malformed javascript answer with XSS injection ability. (See screenshots below). There is a restriction on a semicolon use, so i replaced it with %3b. To reproduce vulnerability, you could try this safe example: `https://www.zendesk.com/product/tour/#?cvo_sid1=1")%3balert(document.cookie%2b"` This vulnerability provides a great opportunity for victim to lose not only cookies, but also control over the account after stealth forwarding to porposely generated link like this :))