Myndr: Reflected XSS in https://blocked.myndr.net

2020-03-19T09:22:27
ID H1:824433
Type hackerone
Reporter thilakesh
Modified 2020-03-19T15:44:45

Description

Summary:

Reflected XSS in Domain (https://blocked.myndr.net)

Steps To Reproduce:

  1. Go to https://blocked.myndr.net.
  2. Find the endpoint in the domain: https://blocked.myndr.net/?trg=1
  3. Add the payload ?trg="><script>alert(1)</script>
  4. You can see the pop-up in your browser.

Impact

With the help of XSS, a hacker or attacker can perform social engineering on users by redirecting them from real websites to fake ones. The hacker can steal their cookies and download malware on their system, and there are many more attacking scenarios a skilled attacker can perform with XSS.
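
Added example (not part of the original report, and not Myndr's code): the payload in step 3 starts with "> which indicates the trg value is reflected inside a double-quoted HTML attribute. The sketch below shows that pattern beside an output-encoded version; the input element, the function names and the blocked.example base URL are assumptions, since the report does not show the page's template.

```javascript
// Hypothetical server-side rendering of the `trg` query parameter.
// The markup is an assumption; the report does not show the real template.

// Characters that can alter HTML structure in text or quoted attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read `trg` from a request path; returns '' when the parameter is absent.
// The base URL is a placeholder needed only to parse a relative path.
function getTrg(requestUrl) {
  return new URL(requestUrl, 'https://blocked.example').searchParams.get('trg') ?? '';
}

// BEFORE: the decoded value is placed into the attribute unchanged, so a
// double quote ends the attribute and the rest is parsed as markup.
function renderUnsafe(requestUrl) {
  return `<input type="hidden" name="trg" value="${getTrg(requestUrl)}">`;
}

// AFTER: the value is HTML-encoded at the point of output, so it stays
// inside the attribute no matter what the query string contains.
function renderSafe(requestUrl) {
  return `<input type="hidden" name="trg" value="${escapeHtml(getTrg(requestUrl))}">`;
}

// Constructed requests: the benign value from step 2 and the payload from step 3.
const BENIGN = '/?trg=1';
const REPORTED = '/?trg=' + encodeURIComponent('"><script>alert(1)</script>');

console.log(renderUnsafe(REPORTED)); // attribute is closed early, script tag is live
console.log(renderSafe(REPORTED));   // payload is inert attribute text
```

Encoding at output fixes this sink; a Content-Security-Policy that disallows inline scripts is a useful second layer but does not replace it.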