Reflected XSS in Pastebin-view

Disclosed: 2014-06-28 13:48:03 By pseudochu To irccloud
Vulnerability Details
The paste ID passed in via the URL in the Pastebin-view is inserted between `<script>` tags unsanitised. This leads to reflected XSS that bypasses all major XSS protection software (Chrome, IE...).

Normal request: https://www.irccloud.com/pastebin/nhm4f6pB

Proof-of-concept: https://www.irccloud.com/pastebin/";alert(0);%2F%2F

I've never used **HackerOne** before so please let me know if my report is missing something important!
Report Stats
  • Report ID: 17540
  • State: Closed
  • Substate: resolved
  • Upvotes: 2
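
The report does not show the page template, so the following is an added example, not code from the report or from IRCCloud. It contrasts the described pattern (a URL-derived paste ID concatenated into an inline `<script>` string) with a hardened renderer. The function names, the `pasteId` variable and the alphanumeric ID format are assumptions.

```javascript
// Added example: hypothetical server-side rendering of a paste page.
// Function names, the `pasteId` variable and the template shape are assumptions.

// Pattern described in the report: the URL-derived value is concatenated
// into a JavaScript string literal inside an inline <script> block.
function renderVulnerable(pasteId) {
  return '<script>var pasteId = "' + pasteId + '";</script>';
}

// Assumption: paste IDs such as "nhm4f6pB" are short alphanumeric tokens.
const PASTE_ID_RE = /^[A-Za-z0-9]{1,32}$/;

// Characters that JSON.stringify leaves intact but that can end the
// <script> element or (in older engines) the string literal.
const SCRIPT_UNSAFE = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

// Serialize a value as a JS literal that is safe inside an inline <script>.
function toScriptLiteral(value) {
  return JSON.stringify(value)
    .replace(/[<>&\u2028\u2029]/g, (c) => SCRIPT_UNSAFE[c]);
}

// Hardened renderer: decode once, allowlist the ID, then context-encode.
// Returns null when the ID is malformed so the caller can answer 404.
function renderHardened(rawPathSegment) {
  let pasteId;
  try {
    pasteId = decodeURIComponent(rawPathSegment);
  } catch (e) {
    return null; // malformed percent-encoding
  }
  if (!PASTE_ID_RE.test(pasteId)) return null;
  return '<script>var pasteId = ' + toScriptLiteral(pasteId) + ';</script>';
}
```

The allowlist alone rejects the proof-of-concept path segment; the context encoder is kept as a second layer in case the ID format is later widened.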