QIWI: [qiwi.com] /oauth/confirm.action XSS

ID H1:36319
Type hackerone
Reporter akhil-reni
Modified 2014-12-20T15:45:06


Hey hi,

I have found a XSS in oauth2

vulnerable link: https://qiwi.com/oauth/confirm.action?redirect=javascript:alert(1);/////&clientId=kav_subscribe

steps to reproduce: 1) open the following link https://qiwi.com/oauth/confirm.action?redirect=javascript:alert(1);/////&clientId=kav_subscribe 2) click Вернуться на сайт магазина 3) you will a alert on the browser.

Vulnerable parameter: redirect= payload: javascript:alert(1);///// POC: look for attached screenshot.

Thanks, karthik