Twitter: XSS via referrer parameter

2020-05-07T06:05:49
ID H1:867616
Type hackerone
Reporter keer0k
Modified 2020-10-26T16:11:27

Description

Hi, I would like to report an XSS via the javascript: scheme in https://www.twitterflightschool.com/student/award/[ID]?referer=. The payload needs just one click from the user to be triggered, because the link will be placed in a tag.

URL: https://www.twitterflightschool.com/student/award/███?referer=javascript:alert(document.domain)

I attached a video demonstration: {F818801}

Steps to reproduce

  1. Go to https://www.twitterflightschool.com/student/award/████████?referer=javascript:alert(document.domain)
  2. Click the "X" button in the top left of the screen
  3. XSS will be triggered

Impact

It is possible to perform malicious actions on the victim's account.
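One way a site can validate a referer/return-URL parameter before writing it into a link's href, as an added example that is not the reporter's code or Twitter's own fix; the site origin constant and the function names are assumptions:

```javascript
// Added example (not from the HackerOne report): server-side validation of a
// "referer"/return-URL parameter before it is emitted inside <a href="...">.
// Assumed site origin; the real application's origin would go here.
const SITE_ORIGIN = "https://www.twitterflightschool.com";

// Return true only if `raw` resolves (relative to SITE_ORIGIN) to an https
// URL on the same origin. Anything else is rejected: the javascript: scheme
// (in any letter case, or with leading spaces/tabs), data:, protocol-relative
// //host, backslash variants and unparsable input. The WHATWG URL parser
// lower-cases the scheme, strips leading control characters and removes
// embedded tabs/newlines, so scheme-obfuscation tricks collapse before the check.
function isSafeReferer(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return false;
  }
  let url;
  try {
    url = new URL(raw, SITE_ORIGIN);
  } catch {
    return false; // unparsable: treat as hostile rather than reflecting it
  }
  if (url.protocol !== "https:") return false;
  return url.origin === SITE_ORIGIN;
}

// The href value to emit: the validated, re-serialised URL, or a safe
// fallback when validation fails (never the raw input).
function safeReferer(raw, fallback = "/") {
  return isSafeReferer(raw) ? new URL(raw, SITE_ORIGIN).href : fallback;
}

// Escape for use inside a double-quoted HTML attribute so that even an
// accepted URL cannot break out of href="...".
function escapeAttr(s) {
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
          .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Render the close ("X") link from the report with the validated value.
function renderCloseLink(rawReferer) {
  return `<a href="${escapeAttr(safeReferer(rawReferer))}">X</a>`;
}
```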