How I found a non-persistent XSS in RBS (Reserve Bank of Scotland)

Hi mates,

I was thinking of starting to release my PoCs that were resolved during bug hunting, or the security vulnerabilities I found.

This one is on RBS (Reserve Bank of Scotland); they have a bug bounty program.

So the XSS vulnerability was in their subdomain "jobs.rbs.com", which I found using "DNS dumpster" and "subbrute".

It is their job portal, where a person can apply for a job or search for one. Usually there is a search parameter, which I thought I would test for some vulnerabilities.

So after running my "XSSRAYS addon" I found that the "Search" parameter is vulnerable to XSS, and suddenly there was a popup "1", which was caused by the XSS payload that I entered, which is:

/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"/-alert(1)//><img src=1 onerror=alert(1)>'

Explanation: why use the above XSS payload?

Well, the first part, /*-->]], is used to bypass the length; after that, the <object> makes the entire payload part of an object, so it interacts with the browser, which makes it usable on any modern browser now. It also changes the style, and lastly there will be a broken image:

"<img src=1"

and it pops up an alert "1".

You can change the "src=" to any image or GIF you like, as I did, so it looks more attractive ;-)

So now it's resolved, and all I got is thanks from RBS :) but I'm quite happy with that.
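As an added example (not code from RBS or from this write-up), this is how a reflected "Search" value like the one above is neutralized by encoding it for each output context. The page template, the function names and the four reflection points are assumptions made for illustration.

```javascript
// Added example: hypothetical search page, not RBS code.
// PAYLOAD is the test string quoted in the post, used here as test input.
const PAYLOAD = `/*-->]]>%>?></object></script></title></textarea></noscript></style></xmp>'-/"/-alert(1)//><img src=1 onerror=alert(1)>'`;

// HTML text and quoted-attribute contexts: encode every character that can
// close the attribute, open a tag, or start an entity.
function escapeHtml(s) {
  return String(s).replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Inline <script> string context: JSON.stringify escapes quotes and
// backslashes; the extra pass stops "</script>" or "<!--" ending the block.
function escapeJsString(s) {
  return JSON.stringify(String(s)).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Vulnerable: the raw value is reflected into four different contexts.
function renderVulnerable(search) {
  return `<title>Jobs: ${search}</title>
<input name="Search" value="${search}">
<script>var q = "${search}";</script>
<p>Results for ${search}</p>`;
}

// Hardened: same template, each reflection encoded for its own context.
function renderHardened(search) {
  return `<title>Jobs: ${escapeHtml(search)}</title>
<input name="Search" value="${escapeHtml(search)}">
<script>var q = ${escapeJsString(search)};</script>
<p>Results for ${escapeHtml(search)}</p>`;
}

// Crude indicators that reflected input became live markup.
const count = (html, needle) => html.split(needle).length - 1;
const hasLiveHandler = (html) => /<img\b[^>]*\bonerror\s*=/i.test(html);

console.log("vulnerable:", hasLiveHandler(renderVulnerable(PAYLOAD)),
  count(renderVulnerable(PAYLOAD), "</script>"));
console.log("hardened:  ", hasLiveHandler(renderHardened(PAYLOAD)),
  count(renderHardened(PAYLOAD), "</script>"));
```

The closing tags inside the string are what let it escape the title, the attribute and the script block in the vulnerable template; in the hardened one the only `</title>` and `</script>` left are the template's own.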


It's great, keep on hunting.



my mail : dorkerdevil280@gmail.com
twitter:@D0rkerdevil
github:dorkerdevil

