Hello friends! This post is the PoC for the critical reflected XSS which I found in the Magento search bar. It was critical because the XSS was in the search, and the worst part was that it was also affecting the enterprise Magento software (which was premium).
I first tried the usual one like "><img src=x onerror=prompt(document.domain);> and then I constructed some more, but all the other characters were being filtered and none of them worked out. The interesting part was that while hitting the search I was getting the search results of all the other guys (hunters) with some XSS or script tags :v Then I thought it had already been patched or secured! But still, somewhere I was having a hope to bypass their applied code, so I thought to give obfuscation a chance, and then I built this one up with the oldy goldy HackBar.
And boom 😀 it just popped out!
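The reason a search box like this stays exploitable after "filtering" is that a blocklist only removes the strings its author thought of, while the reflected value still lands inside HTML. The example below is added here and is not Magento's code or the author's PoC: a hypothetical blocklist filter (naive_blocklist) next to proper context-aware output encoding (html.escape), both rendering the same constructed search term, which is the basic payload quoted above. A small HTML parser then counts which tags actually survive in the rendered page; only the encoded version leaves the template's own <p> tag as the sole element.

```python
import html
from html.parser import HTMLParser

# Constructed sample search term: the basic payload quoted in the post.
SAMPLE_QUERY = '"><img src=x onerror=prompt(document.domain);>'


def naive_blocklist(query: str) -> str:
    """Hypothetical blocklist-style filter: strips a few well-known strings.

    This is the kind of defence that alternative tags, attributes and
    obfuscation get around, because the value is still emitted as raw HTML.
    """
    for bad in ("<script", "</script>", "javascript:"):
        query = query.replace(bad, "")
    return query


def render_results_unsafe(query: str) -> str:
    """Reflect the search term after blocklisting only (vulnerable pattern)."""
    return f'<p>Search results for "{naive_blocklist(query)}"</p>'


def render_results_safe(query: str) -> str:
    """Reflect the search term with HTML entity encoding for the text/attribute
    context: <, >, &, " and ' can no longer open a tag or break out of a quote."""
    return f'<p>Search results for "{html.escape(query, quote=True)}"</p>'


class TagCollector(HTMLParser):
    """Collects the names of every start tag the browser-like parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def tags_in(fragment: str) -> list[str]:
    """Return the start tags present in a rendered HTML fragment."""
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    print("blocklist only :", tags_in(render_results_unsafe(SAMPLE_QUERY)))
    print("html.escape    :", tags_in(render_results_safe(SAMPLE_QUERY)))
```

The check is deliberately done with a parser rather than a substring search: what matters to a reviewer is which elements the browser will actually create from the response, and an injected img element with an event handler is the bug regardless of whether the word "script" ever appeared in the input.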
I reported it to them under their bug bounty program and unfortunately it was a duplicate 😦 It had already been done by another hunter, and he enjoyed the treat of $1000 ;-?
But still, I bypassed it ; )
Lesson: don't think so much, just give it a shot; maybe you will do better than others 😀
So this was all, guys ; )
I hope you liked it 😀