
Stored XSS (Cross-Site Scripting) in Moment.me


Hello friends, this is my first blog writeup or post.
And in this post I am gonna tell you about the stored XSS bug in moment.me.

Actually I did not expect that I could find vulnerabilities (loopholes in the security of the website), as so many security researchers have already reported bugs to moment.me and were acknowledged by moment.me with a digital certificate.

The day I woke up, opened my laptop, connected to the internet and started surfing through Facebook posts... and I saw a post by one of my friends, "Amine": he reported bugs to moment.me and was acknowledged with a badge of honor...

So I immediately navigated to moment.me and thought, what type of bug should I exploit? Back in those days I liked to exploit XSS bugs... so I started hunting XSS bugs on that website...

Proof of Concept (PoC):

[1]. I signed up on that website, went into the Details tab and entered XSS payloads: "><img src=x onerror=javascipt:alert("xss")>
And the website did not sanitize the XSS payloads, and I saved it.

[2]. I navigated to the Appearance tab and entered XSS payloads:
[3]. And this was the last move... :) 3:) I navigated to the Albums tab and clicked on the Add albums button, and my script got executed:
[4]. After reloading the page, BOOM!!!! My script got executed and the pop-up popped up 3:)
And I was like:
And this is even my first bug in the field of hacking.
Moment.me sent me the digital certificate within a day.
Hope you liked it :) ;) Have a great day.
Hope for the best (y)
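
The behaviour in steps [1] to [4], seen from the fixing side, as an added example that is not part of the original post and is not Moment.me's code. It assumes the saved Details value is later written into an HTML attribute (suggested by the payload's leading `">`); every function name and the in-memory store are hypothetical.

```javascript
// Added example, not Moment.me's code. All names are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed stand-in for the profile store: the value is kept as entered,
// which is what makes the issue "stored" rather than reflected.
const profiles = new Map();
function saveDetails(userId, details) {
  profiles.set(userId, details);
}

// Vulnerable render: the stored value is concatenated into the attribute,
// so a quote and '>' in the data end the attribute and the tag.
function renderAlbumsUnsafe(userId) {
  return '<input name="details" value="' + profiles.get(userId) + '">';
}

// Hardened render: the same stored value is encoded at the point of output.
function renderAlbumsSafe(userId) {
  return '<input name="details" value="' + escapeHtml(profiles.get(userId)) + '">';
}

// Count element start tags, a rough proxy for what the HTML parser builds.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// The payload quoted in step [1] of the post, reproduced unchanged.
const payload = '"><img src=x onerror=javascipt:alert("xss")>';
saveDetails('user-1', payload);

console.log(countStartTags(renderAlbumsUnsafe('user-1'))); // input plus injected img
console.log(countStartTags(renderAlbumsSafe('user-1')));   // input only
console.log(renderAlbumsSafe('user-1'));
```

Encoding at every output site, rather than only filtering on save, also covers values that were stored before the fix.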




Comments

  1. Great hack and simplistic article. Are you on any IRC?
