Uber: Reflected XSS on multiple uberinternal.com domains

2018-03-15T23:06:34
ID H1:326449
Type hackerone
Reporter fady_othman
Modified 2018-11-13T22:59:54

Description

The base parameter of /oidauth/prompt on multiple uberinternal.com subdomains was not sanitized before being reflected into the page body, making it vulnerable to reflected XSS. Additionally, these pages were affected by a clickjacking vulnerability that made exploitation easier, since a click was required to trigger the XSS. https://blog.fadyothman.com/how-i-discovered-xss-that-affects-over-20-uber-subdomains/