Mail.ru: Vulnerability :- "XSS vulnerability"

2015-09-15T19:07:47
ID H1:89081
Type hackerone
Reporter bhavi
Modified 2015-10-24T15:18:59

Description

Hello mail.ru Security Team,

I have found an XSS vulnerability on your website :- http://corp.mail.ru/en/jobs/feedback/

My payload is this :- >'>"><img src=x onmouseover =prompt(0)>

Vulnerability :- "XSS vulnerability"

Vulnerable Fields : "Social Network fields"

Cross-Site Scripting (XSS) vulnerabilities are a type of computer security vulnerability typically found in Web applications. XSS vulnerabilities enable attackers to inject client-side script into Web pages viewed by other users.

Let's see how to find this vulnerability.

Follow all the reproduction steps in the attached POC Dropbox URL:-

And you can see there that the XSS vulnerability is fully executed by my payload.

Wooooooooooooooo.............!!!!!!!!!!!!!

POC :- Attached Video POC Dropbox URL:- https://www.dropbox.com/sh/7f0yd70uy1yzdfh/AADy-v63UC0rWvNFffk_HW2Ea?dl=0

Thank You...!

Regards, Pratik Panchal
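
Added example, not part of the original report and not Mail.ru's code: the report does not show how the "Social Network" field values are written back into the page, so this sketch assumes they are echoed into a quoted value attribute. It renders the payload quoted in the report once by plain concatenation and once with HTML encoding applied; renderFieldUnsafe, renderFieldSafe, escapeHtml, tagNames and the field name "social" are hypothetical.

```javascript
// Constructed sample: the payload quoted in the report, as it would arrive
// from a "Social Network" form field.
const REPORTED_PAYLOAD = `>'>"><img src=x onmouseover =prompt(0)>`;

// Encode the five characters that are significant in HTML text and in
// quoted attribute values, so the browser treats the value as data.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed vulnerable pattern: the submitted value is concatenated into the
// attribute unchanged, so a double quote in the value ends the attribute.
function renderFieldUnsafe(name, value) {
  return `<input type="text" name="${name}" value="${value}">`;
}

// Hardened form: every interpolated value is encoded at output time.
function renderFieldSafe(name, value) {
  return `<input type="text" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
}

// Rough check for this demo only (not a sanitizer): list the element names
// that start a tag in the rendered markup.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

const unsafeHtml = renderFieldUnsafe('social', REPORTED_PAYLOAD);
const safeHtml = renderFieldSafe('social', REPORTED_PAYLOAD);

// Unsafe output contains a second element carrying an event handler;
// the encoded output contains only the input element.
console.log(unsafeHtml, tagNames(unsafeHtml));
console.log(safeHtml, tagNames(safeHtml));
```

The encoding has to match the output context: this covers HTML text and quoted attributes, while values placed in URLs, inline scripts or unquoted attributes need their own handling.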