"--></style></ script >< script > alert ("XSS ")</ script >
By ending the previous style and script elements, it was possible to add a new script element and execute the payload. The complete URL now looks like this:
This one only worked in Firefox; Chrome and IE restricted the execution with their anti-XSS feature.
The bug was categorized as "Out of Scope" for whatever reason.
Hope you enjoyed. If you have any questions left, please don't hesitate to contact me at patrik.fehrenbach(at)it-securityguard.com
I recently discovered a stored cross-site scripting vulnerability on PayPal's core site. The scenario is a bit weird, but I hope to explain everything as well as possible.
But when I tried to fulfill the registration, the security module of PayPal showed me an error saying that there was some kind of problem with my request. When I looked at the URL, I saw that there was some kind of progress bar.
To summarize the process:
1. Create an account with the malicious payload
2. At the point where the PayPal system stops you from continuing, erase the URL till /webapps/ (bypassed the security restriction)
3. Create an invoice, send it to the victim
4. Victim logs into the account and the payload gets executed
I did a small PoC video which describes the impact:
I hope you enjoyed 🙂
I recently searched for vulnerabilities on a Google service called Tag Manager; this service is used for SEO operations. My main research was to look for any field that could be vulnerable to cross-site scripting, but every field was protected against special characters, as you can see in the image below. So it was pretty useless to search further on this.
The next thing I saw was that Tag Manager allowed a user to upload a set of definitions, tags, and macros in the form of a JSON file.
What I did next was to download the sample JSON file and edit the name fields of the macros (which were not allowed special characters):
"name": "#“><img src=/ onerror=alert(3)>",
And guess what? After uploading and overwriting the settings, the payload got executed.
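The gap described above is that the form fields rejected special characters while the JSON import path did not. As an added example (not code from the original post or from Google), the following sketch applies one shared name rule to every `name` in an imported file and HTML-encodes on output as a second layer; the JSON layout, the allow-list and all function names are assumptions.

```javascript
// Added example. The JSON layout and rule below are constructed for
// illustration and are not Tag Manager's real schema or validation.

// One allow-list rule shared by every path that can set a name
// (web form AND file import), so the two cannot drift apart.
const NAME_RULE = /^[A-Za-z0-9 _.\-]{1,64}$/;

function validateName(name) {
  return typeof name === "string" && NAME_RULE.test(name);
}

// Walk the imported document and collect the path of every "name"
// value that the form would have rejected.
function findInvalidNames(node, path = "$", out = []) {
  if (Array.isArray(node)) {
    node.forEach((item, i) => findInvalidNames(item, `${path}[${i}]`, out));
  } else if (node !== null && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      const here = `${path}.${key}`;
      if (key === "name" && !validateName(value)) out.push(here);
      else findInvalidNames(value, here, out);
    }
  }
  return out;
}

// Import path: parse, then refuse the whole file if any name fails.
function importContainer(jsonText) {
  const doc = JSON.parse(jsonText);
  const bad = findInvalidNames(doc);
  return bad.length ? { ok: false, rejected: bad } : { ok: true, doc };
}

// Second layer: encode on output, so a stored value that slipped past
// validation is rendered as text instead of markup.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample import file; the second macro name is the value
// quoted in the post.
const SAMPLE = JSON.stringify({
  macros: [
    { name: "Page URL", type: "URL" },
    { name: '#"><img src=/ onerror=alert(3)>', type: "CUSTOM" },
  ],
  tags: [{ name: "Analytics", macro: "Page URL" }],
});
```

Calling `importContainer(SAMPLE)` rejects the file and reports `$.macros[1].name`, the same field the form would have refused.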
Here's the PoC video I sent in:
Hope you enjoyed! 🙂
All the best