So here I am with another finding of mine. I found a stored XSS in Apptentive. It was pretty easy to bypass their blacklist.
The vulnerable parameters were the account name of an account and the company name. So I created an account with a pretty simple payload:
/<svg/onload=prompt(1)>''
Now, as I refreshed my dashboard, the payload got executed.
The team fixed it pretty fast, but it took them 4 months to send my token of appreciation...
Got some swag and a Letter of Appreciation.
Muhammad Abdullah
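As an added example (not code from the post or from Apptentive), here is a short Python sketch of why a deny-list on input is the wrong layer for this bug and why entity-encoding stored values at render time handles the same payload. The blacklist patterns and the dashboard template are assumptions made for illustration.

```python
import html
import re

# Constructed example of a naive deny-list on input (an assumption, not Apptentive's filter).
# It blocks the obvious patterns but has no rule for an <svg> tag with an onload handler.
BLACKLIST = [
    re.compile(r"<\s*script", re.IGNORECASE),
    re.compile(r"javascript:", re.IGNORECASE),
    re.compile(r"onerror\s*=", re.IGNORECASE),
]

# The payload from the write-up, stored as an account name.
PAYLOAD = "/<svg/onload=prompt(1)>''"


def blacklist_allows(value: str) -> bool:
    """True if the deny-list lets the value through unchanged (i.e. it gets stored as-is)."""
    return not any(p.search(value) for p in BLACKLIST)


def render_dashboard_unsafe(account_name: str, company_name: str) -> str:
    """'Before': stored values are interpolated into the dashboard HTML verbatim."""
    return f"<h1>{account_name}</h1><p>Company: {company_name}</p>"


def render_dashboard_safe(account_name: str, company_name: str) -> str:
    """'After': every stored value is entity-encoded for the HTML element-content context."""
    return (
        f"<h1>{html.escape(account_name, quote=True)}</h1>"
        f"<p>Company: {html.escape(company_name, quote=True)}</p>"
    )


def injected_tag_names(rendered: str) -> set:
    """Tag names in the rendered HTML beyond the ones the template itself emits.

    A non-empty result means untrusted input became markup, which is the
    condition under which the browser would run an inline handler.
    """
    template_tags = {"h1", "p"}
    found = {m.lower() for m in re.findall(r"<([a-zA-Z][a-zA-Z0-9]*)", rendered)}
    return found - template_tags


if __name__ == "__main__":
    print("deny-list lets payload through:", blacklist_allows(PAYLOAD))
    print("unsafe render injects:", injected_tag_names(render_dashboard_unsafe(PAYLOAD, "Acme")))
    print("safe render injects:", injected_tag_names(render_dashboard_safe(PAYLOAD, "Acme")))
```

The deny-list passes the payload, the verbatim template turns it into a real element, and the encoded template leaves it as inert text regardless of which tag or handler was used.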