How I found a non-persistent (reflected) XSS in RBS (Royal Bank of Scotland)
Hi mates,
I was thinking of starting to release my PoCs for the security vulnerabilities I found during bug hunting, once they are resolved.
This one is on RBS (Royal Bank of Scotland); they have a bug bounty program.
The XSS vulnerability was in their subdomain "jobs.rbs.com", which I found using DNSdumpster and subbrute.
It is their job portal, where a person can apply for a job or search for one. Pages like that usually have a search parameter, so that is what I thought of testing for vulnerabilities.
After running my XSSRays add-on I found that the "Search" parameter was vulnerable to reflected XSS: a popup saying "1" appeared, caused by the payload that was entered, which is
/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"/-alert(1)//><img src=1 onerror=alert(1)>'
Explanation: why use the above XSS payload?
It is a polyglot, built so that it fires no matter which part of the page the search term is reflected into. The pieces do the following:
The first part, /*-->]]>%>?>, closes a JavaScript block comment, an HTML comment, a CDATA section and an ASP, PHP or XML processing-instruction block, in case the value lands inside one of those.
The run of closing tags, </object></script></title></textarea></noscript></style></xmp>, closes the elements whose contents the browser treats as raw text instead of markup, so everything after them is parsed as HTML again.
Then '-/"/-alert(1)// terminates a single- or double-quoted JavaScript string; if the value landed inside a script, alert(1) runs there and the // comments out the rest of the line.
Finally ><img src=1 onerror=alert(1)> closes any tag that is still open and adds an image whose source cannot load, so the page shows a broken image
"<img src=1"
and the browser runs the onerror handler, which pops up the alert "1".
You can change the src= to any image or GIF you like, as I did, so it looks more attractive ;-) Keep in mind that a source which actually loads will not fire onerror, so in that case the handler has to be changed to onload.
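To make the pieces above concrete, here is an added example (not code from the original post, nor anything from RBS): the payload split into those four parts, a few constructed page templates standing in for the places a search term typically gets reflected, and the contextual output encoding that closes the hole. The templates, the two encoders and the tripwire regex are assumptions made for this demo; the real jobs.rbs.com templates are not known.

```javascript
// Added example, not from the original post: the polyglot reflected-XSS
// payload split into the pieces that each target one reflection context,
// plus a toy "search results" page rendered with and without output
// encoding. Templates, encoders and the tripwire regex are constructed
// for the demo; the real jobs.rbs.com templates are unknown.

const PAYLOAD_PARTS = [
  // Closes a JS block comment, an HTML comment, a CDATA section and an
  // ASP / PHP / XML-PI block, in case the value is reflected inside one.
  '/*-->]]>%>?>',
  // Closes elements whose content browsers treat as raw text or non-HTML,
  // so that what follows is parsed as ordinary markup again.
  '</object></script></title></textarea></noscript></style></xmp>',
  // Ends a single- or double-quoted JS string; the subtraction keeps the
  // expression valid, alert(1) fires, and // comments out the tail.
  `'-/"/-alert(1)//`,
  // Closes any half-open tag, then an <img> whose source cannot load, so
  // the browser runs the onerror handler. Trailing quote as in the post.
  `><img src=1 onerror=alert(1)>'`,
];
const PAYLOAD = PAYLOAD_PARTS.join('');

// Constructed templates for places a search term is commonly reflected.
const CONTEXTS = {
  body: '<p>Results for {{q}}</p>',
  title: '<title>Search: {{q}}</title>',
  textarea: '<textarea name="q">{{q}}</textarea>',
  comment: '<!-- last query: {{q}} -->',
  attribute: '<input name="q" value="{{q}}">',
  jsString: "<script>var q = '{{q}}';</script>",
};

// The bug: the raw parameter is concatenated straight into the page.
function reflectRaw(template, q) {
  return template.split('{{q}}').join(q);
}

// HTML entity encoding for text nodes and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// \xHH / \uHHHH encoding for data placed inside a JS string literal; this
// also neutralises "</script>", which entity encoding would not.
function escapeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// The fix: encode for the context the value lands in. (Reflecting user
// input into comments or scripts at all is best avoided; shown for contrast.)
function reflectEncoded(context, template, q) {
  const encoded = context === 'jsString' ? escapeJsString(q) : escapeHtml(q);
  return template.split('{{q}}').join(encoded);
}

// Crude tripwire for the demo: is there an unencoded <img ... onerror= tag?
function hasLiveImgOnerror(html) {
  return /<img\b[^>]*\bonerror\s*=/i.test(html);
}

// Render every context both ways and report which ones stay exploitable.
function audit(q = PAYLOAD) {
  const report = {};
  for (const [name, template] of Object.entries(CONTEXTS)) {
    report[name] = {
      raw: hasLiveImgOnerror(reflectRaw(template, q)),
      encoded: hasLiveImgOnerror(reflectEncoded(name, template, q)),
    };
  }
  return report;
}

console.log(JSON.stringify(audit(), null, 2));
```

Run it with node: every context rendered raw still carries a live img/onerror, and every context rendered through the matching encoder does not. The point of the polyglot is that one string covers all six contexts at once, which is why a scanner add-on can find the bug with a single request; the right fix on the server side is output encoding chosen per context (or a templating engine that does it automatically), not a blocklist of words like "alert".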
So now it's resolved and all I got was a thanks from RBS :) but I'm quite happy with that.
It's great, keep on hunting.
Mail: dorkerdevil280@gmail.com
Twitter: @D0rkerdevil
GitHub: dorkerdevil