Gratipay: self cross site scripting

2017-07-04T09:16:02
ID H1:245762
Type hackerone
Reporter tanvi07
Modified 2017-07-10T09:50:38

Description

Vulnerability Exploited : cross site scripting using csrf

Vulnerable URL:https://gratipay.com/search

Vulnerability Explanation :The application is vulnerable with Reflected Cross Site Scripting. Here application fails to validate user supplied inputs due to which an attacker can inject his own JavaScript on your web application.

Impact :The attacker can access the victim's cookies associated with the website using document.domain, send them to his own server, and use them to hijack the session of target user. An attacker can also register a keyboard event listener using addEventListener and then send all of the user's keystrokes to his own server, potentially recording sensitive information such as passwords and credit card numbers.

Payload : <script>alert(document.domain>

severity: high

step to reproduce: 1) login the URL https://gratipay.com. 2) go to search button. 3)use the proxy like burp suit.and intercept the request of search box. 4)generate the csrf code ,then after write in search to above payload. 5) csrf text file run in the browser 6) you can see that cross site scripting.