eBay PayPal Bug Bounty: Magento XSSed

Hello friends, this post is the PoC for the critical reflected XSS which I found in the Magento search bar. It was critical because the XSS was in the search, and the worst part was that it also affected the Magento Enterprise software (which was premium).

Hunting Process:

I first tried the usual one, like "><img src=x onerror=prompt(document.domain);>, and then I constructed some others, but all the other characters were being filtered and none of them worked out. The interesting part was that while hitting the search I was getting the search results of all the other guys (hunters) with some XSS or script tags :v . Then I thought it had already been patched or secured! But still, somewhere I had a hope of bypassing their applied code, so I thought I would give obfuscation a chance, and then I built up this one with the oldy goldy Hackbar:

</SCRIPT>'><script>alert(String.fromCharCode(88,83,83))</SCRIPT>

and boom 😀 it just popped up!

[image: magentoxss2]
I reported it to them under their bug bounty program and unfortunately it was a duplicate 😦 It had already been done by another hunter, and he enjoyed the treat of $1000 ;-?
But still, I bypassed it ; )
Lesson: don't think so much, just give it a shot; maybe you will do better than others 😀
So this was all, guys ; )

i hope you liked it  😀
@vishwaraj101
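The bypass above works for the usual reason: the search page tried to filter dangerous characters and keywords out of the input, and a filter only stops what its author listed. The following is an added example, not Magento's code and not the author's; the blacklist filter in it is a hypothetical stand-in for whatever the site was doing, and the results page template is assumed. It runs both payloads from the post through that filter and through contextual HTML encoding, then counts how many raw tags the query managed to add to the rendered page.

```javascript
// Added example (not Magento's or the author's code): input blacklisting vs. output encoding.

// The two payloads from the post: the "usual one" and the obfuscated bypass.
const PAYLOADS = [
  '"><img src=x onerror=prompt(document.domain);>',
  "</SCRIPT>'><script>alert(String.fromCharCode(88,83,83))</SCRIPT>",
];

// Hypothetical blacklist filter (an assumption standing in for the site's real one).
// It strips exactly the things its author thought of: double quotes, on*= handlers, <img>.
function blacklistFilter(q) {
  return q
    .replace(/"/g, '')            // attribute breakout with a double quote
    .replace(/\bon\w+\s*=/gi, '') // inline event handlers such as onerror=
    .replace(/<img\b/gi, '');     // <img> tags
}

// Contextual output encoding: the five HTML-significant characters are encoded at the
// point where the value is written into the page. Nothing is removed, so legitimate
// queries containing < or " still search correctly.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Assumed results page: the query lands in an attribute value and in element text,
// the two places a reflected search term usually ends up.
function renderResults(q, encoder) {
  const v = encoder(q);
  return `<input type="text" name="q" value="${v}">\n<p>Search results for: ${v}</p>`;
}

// Count raw tag starts (<tag or </tag) in the rendered HTML. Encoded markup (&lt;)
// does not count, because the browser will render it as text.
function rawTagCount(html) {
  return (html.match(/<\/?[a-z]/gi) || []).length;
}

// The template itself contributes <input>, <p> and </p>; anything beyond that came
// from the query and is markup the browser will interpret.
const BASELINE_TAGS = rawTagCount(renderResults('hello', escapeHtml));

function injectedTagCount(q, encoder) {
  return rawTagCount(renderResults(q, encoder)) - BASELINE_TAGS;
}

// Summary for both payloads under both strategies.
function demo() {
  return PAYLOADS.map((p) => ({
    payload: p,
    tagsInjectedAfterBlacklist: injectedTagCount(p, blacklistFilter),
    tagsInjectedAfterEncoding: injectedTagCount(p, escapeHtml),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

The blacklist stops the first payload only because each of its ingredients happened to be on the list; the second payload uses none of them and passes through untouched, so the page gains six raw tags (three in the attribute, three in the paragraph). Encoding at the output point leaves zero injected tags for both, without needing to know what the next obfuscated payload will look like.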
