Skip to main content

Featured

Stealing CSRF tokens using XSS on Signup page

I'm assuming everyone reading this blog post know what CSRF and XSS are.If you don't, having a quick search on google can yield you many results. While crawling for vulnerabilities and searching on google, navigating through pages. I finally landed on a website. As per disclosure policies I'm not allowed to disclose the company/website. So lets use REDACTED.com. Doing recon using passive and active techniques. I found no sub-domains , no low hanging vulnerabilities. Every mechanism works pretty fine or may be I missed something. After hours of testing, signup page caught my attention. I was like "How did I miss this..." Navigated to https://www.REDACTED.com/signup After analysis, the url input fields are vulnerable to XSS. But it turns out to be useless because it's on signup page.I though of exploiting it. First I registered an account and verified it using the confirmation link I received in my inbox. I navigated to prof...
Post a Comment
Read more

Stored Cross site scripting( XSS ) in edmodo.com

Hello friends,

I am back with new post.

Ok , in this post i'll show you how I was able to find a stored xss in edmodo.com

Vulnerability type : Stored Cross Site Scripting ( XSS )

Vulnerability Description : Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

First, one of my friend Karthik he updated his status with a post about edmodo.com , that he received a swag from edmodo.com for reporting vulnerability. So I thought to hunt edmodo for vulnerabilities.

So here is the vulnerability which I found in edmodo site.

Proof of Concept (PoC):
[1].edmodo.com , signup , signin , navigate to your profile
[2].In profile we can create badges.(this is the vulnerable part)
[3].So I created a badge with name varun.And I looked into source code of the page and observed this: 

[4].As you can see , my name or input was used in other attributes,so i thought of exploiting this behaviour.
[5].So I created a new badge with name "onclick=alert("Hacked_by_varun"),my input wasn't sanitized , so my payload got directly injected into page source which created a new attribute : onclick by closing alt attribute with payload "onclick=alert("HACKED_BY_VARUN")




[6].So,when I click on the badge it alerts us with text "HACKED_BY_VARUN"

And I was like : "YES I DID IT"

So in this way an attacker can steal user's credentials like sessions and so on.
Hacker can hack all the user accounts who visits the attacker profile because there is a XSS vulnerability.

NOTE: This vulnerability was patched
My reward on the way :) ;)

Hope you enjoyed reading guys ;)
Bye for now.

-Varun

Comments

  1. Natural gas30 July 2017 at 05:12

    Thanks for sharing all information about cross site scripting. Screenshots are very helpful. Very well written and easy to understand.

    ReplyDelete
    Replies
    1. Break The Code30 July 2017 at 05:41

      Bliss :) any help ? ping me : varunchowdary19@gmail.com

      Delete
  2. nullptr27 September 2017 at 06:00

    Hi varun , I want to learn Scripting and hacking from you , may I get in touch with you -
    karif5077@gmail.com
    admin@andmp.com

    ReplyDelete

Post a Comment

Popular Posts