hackerone | Imthehackerlor | H1:732987
History: Nov 09, 2019 - 7:09 a.m.

OWOX, Inc.: Reflected XSS

2019-11-09 07:09:03
imthehackerlor
hackerone.com
56

Hi team,

I have found an XSS at https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28/dashboard/?trial=activated
The input is not properly filtered, which results in XSS being executed.
Vulnerable area:

6177527534dc114eb07fa829e4ce4d28
The URL will now be: https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28<img src=xss onerror=prompt(‘XSS’)>/dashboard/?trial=activated

PoC

1. Go to https://bi.owox.com/ui/6177527534dc114eb07fa829e4ce4d28<img src=xss onerror=prompt(‘XSS’)>/dashboard/?trial=activated
2. Log in and XSS will execute
{F630101}

Tested browser

Firefox
Chrome

Impact

This vulnerability is aimed at all victims and they do not need to be involved in the Project. Just paste this URL and log in; XSS will automatically execute.
Therefore, it will have a high impact, because before XSS is executed, the application will ask the user to log in.

  • The attacker can execute JS code.
    {F630103}
    {F630102}

Documents related to Impact

https://portswigger.net/web-security/cross-site-scripting/reflected
https://portswigger.net/web-security/cross-site-scripting/exploiting

Recommendation

  • Revisit the entire application and validate the user input at server side.
  • Sanitize the data collected from input fields before further processing.
  • Filter out special and meta-characters from user input.

Best regards,
@dat
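
The server-side validation and output handling recommended in the report, as an added example that is not part of the original report and is not OWOX code. It assumes the identifier in the `/ui/<id>/dashboard/` path is always 32 lowercase hex characters (inferred from the reported URL); `handleDashboard`, `extractProjectId`, `escapeHtml` and the `app.example` base are hypothetical names.

```javascript
// Added example: hypothetical handler for the /ui/<id>/dashboard/ route.
// Assumption: project IDs are 32 lowercase hex chars, as in the reported URL.
const PROJECT_ID = /^[0-9a-f]{32}$/;

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull out the path segment between /ui/ and /dashboard/, percent-decoded
// the way a router would hand it to application code.
function extractProjectId(rawUrl) {
  const { pathname } = new URL(rawUrl, 'https://app.example'); // placeholder base
  const match = /^\/ui\/([^/]*)\/dashboard\/?$/.exec(pathname);
  if (!match) return null;
  try {
    return decodeURIComponent(match[1]);
  } catch {
    return null; // malformed percent-encoding
  }
}

// Allow-list validation first; HTML encoding at the output point as a second layer.
function handleDashboard(rawUrl) {
  const id = extractProjectId(rawUrl);
  if (id === null || !PROJECT_ID.test(id)) {
    // Reject without echoing the rejected value back into the page.
    return { status: 404, body: '<h1>Not found</h1>' };
  }
  return { status: 200, body: `<h1>Project ${escapeHtml(id)}</h1>` };
}

// Constructed inputs: the clean URL and the URL quoted in the report.
const cleanUrl = '/ui/6177527534dc114eb07fa829e4ce4d28/dashboard/?trial=activated';
const reportedUrl =
  '/ui/6177527534dc114eb07fa829e4ce4d28<img src=xss onerror=prompt(‘XSS’)>/dashboard/?trial=activated';

console.log(handleDashboard(cleanUrl));    // status 200, ID rendered
console.log(handleDashboard(reportedUrl)); // status 404, input not reflected
console.log(escapeHtml(extractProjectId(reportedUrl))); // inert text if it were rendered
```

The allow-list check is what stops the reported request; the encoding step matters for any other place the same value is written into HTML without passing through this check.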