ok.ru: cross site scripting in the blog

ID H1:77904
Type hackerone
Reporter cyberboy
Modified 2017-04-17T16:57:09


@cyberboy reported the following issue:

> Well, your domain http://blog.ok.ru/ gets redirected to http://insideok.ru, which seems to be your domain as well. I confirmed that by making a whois check up.

> The search parameter has a reflected cross site scripting vulnerability in it.

> The direct URL of the bug is as below:

> http://insideok.ru/search/dev?q=<svg onload=prompt(0)>