• Stored XSS in Freelancer

    Hello guys. Hope you are doing well. Today I am just disclosing my recent finding on Bugcrowd. I just found a stored XSS vulnerability in the main domain of Freelancer, i.e.,
    http://www.freelancer.com/

    I just reported it and got nice Freelancer swag and some kudos. I am also expecting a reward from them, but anyway.


    So, let's move on to the PoC of my submission.

    PoC:

    1. Log in
    2. Go to the Profile and click Edit
    3. In the Bio section, add the simple XSS payload, i.e.,
          "><script>alert(1);</script>
    4. Click Save
    5. Open the profile in a new tab
    6. XSS! BOOM


    Report Summary:-

    Submission created
    2017-03-30 13:31:50 UTC

    State changed
    2017-03-31 06:29:04 UTC
    Freelancer Engineer changed state to resolved

    Freelancer Engineer Rewarded You With Swag 

    Thanks,
    Abdulwahab
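
Added example, not part of the original post and not Freelancer's code: it shows why the leading `">` in the payload matters and how output encoding neutralises it. The template (a bio echoed into a `meta` attribute and a `div`) and all function names are assumptions; the post does not say where the bio was rendered.

```javascript
// Hypothetical profile renderer for illustration; not Freelancer's code.
// Payload taken from step 3 of the PoC above.
const PAYLOAD = '"><script>alert(1);</script>';

// Encode the five characters that can change HTML parsing context.
// Quotes matter here: the payload starts with '"' to close an attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored bio is concatenated into an attribute and an element body.
function renderBioVulnerable(bio) {
  return '<meta name="description" content="' + bio + '">\n' +
         '<div class="bio">' + bio + '</div>';
}

// Hardened: the same template with the dynamic value encoded at output time.
function renderBioSafe(bio) {
  const safe = escapeHtml(bio);
  return '<meta name="description" content="' + safe + '">\n' +
         '<div class="bio">' + safe + '</div>';
}

// Value of content="..." as an HTML parser delimits it: up to the next double quote.
// An empty result for a non-empty bio means the input broke out of the attribute.
function contentAttribute(html) {
  const m = /content="([^"]*)"/.exec(html);
  return m ? m[1] : null;
}

// Regression check: does a raw <script> tag survive in the rendered page?
function containsLiveScriptTag(html) {
  return /<script\b/i.test(html);
}

for (const render of [renderBioVulnerable, renderBioSafe]) {
  const html = render(PAYLOAD);
  console.log(render.name, {
    attribute: contentAttribute(html),
    liveScript: containsLiveScriptTag(html),
  });
}
```

The two checks can run as a regression test against any template that echoes user-controlled profile fields.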