7 matches found

Hacker One
added 2020/04/29 11:2 p.m., 33 views

Reddit: XSS in redditmedia.com can compromise data of reddit.com

Description: Hi, I would like to report an XSS in redditmedia.com that can affect the reddit.com application. In the redditmedia.com domain we are in the domain that reddit.com uses to get all the thumbnails of any post. I found that redditmedia.com/gtm/jail uses the "id" parameter to get a valid GTM id...

6.3 AI score
Exploits: 0
Hacker One
added 2020/02/27 10:8 p.m., 230 views

Nord Security: Arbitrary Set-Cookie via "?coupon=" due to semi-colon not encoded

Related to , the separator in the cookie header is semi-colon ; and this issue is caused by semicolon ; not encoded, so the attacker can arbitrarily manipulate cookies. Arbitrary set cookie will cause several problems like: - Session Fixation - Cookie Bomb Client-Side DoS - Etc Vulnerable Endpoin...

6.8 AI score
Exploits: 0
Hacker One
added 2020/01/19 7:48 p.m., 69 views

Nord Security: Denial of Service with Cookie Bomb

Summary: This is a Denial of Service attack by using which an attacker can make a user unable to access the nordvpn.com website. For more information you can read this article. https://blog.innerht.ml/tag/cookie-bomb/ Steps To Reproduce: This will usually work on user's fresh session for which we can...

6.5 AI score
Exploits: 0
Hacker One
added 2018/02/01 7:21 p.m., 25 views

WePay: Reflected XSS in the IE 11 / Edge (latest versions) on the stage-go.wepay.com

Description: Hello. I discovered Reflected XSS on the stage-go.wepay.com. Browsers & OS tested: The XSS checked in the latest IE 11 and Edge on Windows 7. Not checked on Windows 10. POC: IE 11 or Edge...

6.5 AI score
Exploits: 0
Hacker One
added 2017/04/14 6:21 p.m., 40 views

GitLab: Cookie bomb

It is possible to create a that called cookie bomb in Gitlab Pages. This is especially a problem if the site creating the cookie bomb uses a shared pages domain. In that case no subdomain of that domain would be accessible for that user anymore until they clear their cookies. That does not only...

6.3 AI score
Exploits: 0
Hacker One
added 2015/12/15 2:14 p.m., 14 views

Shopify: [livechat.shopify.com] Cookie bomb at customer chats

When we visit the https://livechat.shopify.com/customer/chats/new page the ref and ssid URL parameters are used to set cookie values the way as follows: var getURLParameter = function(name) { return decodeURIComponent((new RegExp('[?|&]' + name + '=' + '([^&;]+?)(&|#|;|$)').exec(location.search)||[,""])[1].replace(/\+/g,...

6.8 AI score
Exploits: 0
Hacker One
added 2015/04/19 3:20 p.m., 117 views

X (Formerly Twitter): DOM based cookie bomb

Hi, I would like to report an issue that allows attackers to plant a "cookie bomb" on a victim's browser, so that the victim will be unable to access any Twitter services. PoC 1. Go to http://innerht.ml/pocs/twitter-dom-based-cookie-bomb/ 2. Click on the "DoS" link 3. Wait for a moment 4. Now...

6.7 AI score
Exploits: 0