Airbnb: [airbnb.com] XSS via Cookie flash

2017-01-10T19:00:22
ID H1:197334
Type hackerone
Reporter bobrov
Modified 2018-04-03T23:33:58

Description

By corrupting the value of a cookie on the airbnb.com domain, bobrov was able to execute an XSS payload. Because cookies cannot be set cross-domain, this did require another vulnerability to be exploitable. Furthermore, because of CSP, this was only exploitable in Internet Explorer 11. The issue was fixed with enhanced output encoding.

Thanks to bobrov for this well-documented finding!
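The fix named in the description, output encoding of a cookie-sourced value, shown as an added example that is not code from the report or from Airbnb. The report does not state which output context the cookie value reached, so the sketch encodes for both an HTML body and an inline script string; the cookie name `flash`, the function names and the sample header are assumptions constructed for illustration.

```javascript
// Added illustration: all names here are hypothetical, not taken from the report.

// Parse a raw Cookie request header into a name -> value map.
function parseCookies(header) {
  const jar = Object.create(null); // no prototype, so odd cookie names are harmless
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch (_) { /* keep raw on bad escapes */ }
    jar[part.slice(0, eq).trim()] = value;
  }
  return jar;
}

// Encode for an HTML element body or a quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Encode as a string literal that is safe inside an inline <script> block:
// JSON quoting plus \uXXXX escapes so the value cannot close the script element.
function escapeJsString(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Before: the cookie is trusted and concatenated into markup unencoded.
function renderFlashUnsafe(cookieHeader) {
  const msg = parseCookies(cookieHeader).flash || '';
  return '<div class="flash">' + msg + '</div>';
}

// After: the same value, encoded for each context it lands in.
function renderFlashSafe(cookieHeader) {
  const msg = parseCookies(cookieHeader).flash || '';
  return '<div class="flash">' + escapeHtml(msg) + '</div>' +
         '<script>var flash = ' + escapeJsString(msg) + ';</script>';
}

// Constructed sample header: the flash cookie carries markup instead of text.
const SAMPLE = 'sid=abc123; flash=%3C%2Fscript%3E%3Cb%3Einjected%3C%2Fb%3E';
```

The cookie is treated as untrusted input even though it is normally set by the site itself, which is the assumption the reported issue broke.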