XSS Stored WriteUp - Cross Site Scripting in K*******.id
Haiii All.
Let me introduce myself: my name is Tengku Arya Saptra. Here I describe a security vulnerability I found, namely XSS on the k*******.id website (I can't name the domain for privacy reasons). This website is related to online learning.
Stored Cross Site Scripting (XSS)
Stored XSS generally occurs when user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc. And then a victim is able to retrieve the stored data from the web application without that data being made safe to render in the browser. (owasp.org)
Intro
XSS is in the OWASP Top 10 2017. Stored XSS occurs when an attacker inputs a payload, most often JavaScript code, into a target system, and the victim's browser then executes the payload every time the victim visits the page. This type of attack is still commonly found on real targets.
Usage
The first step is to log in to the website. How can I log in? I registered as a student / teacher using the register feature on the website.
The second step: since I am logged in as a teacher, I can add data / create an online learning group. Other users / students who have registered on the site can be added to this learning group. As shown below, I enter an XSS payload as the group name, namely
payload : <img src=x onerror=prompt(document.cookie)>
Here I test whether the website is vulnerable to XSS or not.
and boom!😎
The website is vulnerable to XSS, as evidenced by a popup that displays the website's cookie.
Here we can see that the payload is treated as HTML by the page, so the script inside it runs instead of being shown as text.
Why can I say this is stored XSS? If I log in with another user / student account that has joined the room / group, the payload stored in the group name is triggered immediately on the page of the other users / all students, and it clearly interferes with teaching and learning activities in the room / group.
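The root cause described above is that the group name is inserted into the page as HTML rather than as text. The following is an added example, not code from the affected site or from the author, showing the vulnerable rendering pattern beside the fixed one; the `<h2 class="group-title">` template and the function names are assumptions, and the sample input is the payload from this writeup.

```javascript
// Added example: rendering a user-supplied group name with and without
// HTML escaping. The template and function names are assumptions.

// Sample input: the payload used in the writeup (constructed test data).
const SAMPLE_GROUP_NAME = "<img src=x onerror=prompt(document.cookie)>";

// Escape the five characters that change meaning in an HTML text or
// quoted-attribute context.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored name is concatenated straight into markup,
// so a name containing a tag becomes part of the page's DOM.
function renderGroupNameUnsafe(name) {
  return `<h2 class="group-title">${name}</h2>`;
}

// Fixed pattern: the same template, with the name escaped at render time.
// The browser now shows the payload as literal text and nothing executes.
function renderGroupNameSafe(name) {
  return `<h2 class="group-title">${escapeHtml(name)}</h2>`;
}

// Regression check for the template: after stripping the known wrapper,
// does the rendered output still contain a real HTML tag?
function containsActiveMarkup(renderedHtml) {
  const inner = renderedHtml.replace(/^<h2 class="group-title">|<\/h2>$/g, "");
  return /<[a-z][^>]*>/i.test(inner);
}

console.log(renderGroupNameUnsafe(SAMPLE_GROUP_NAME)); // tag survives: vulnerable
console.log(renderGroupNameSafe(SAMPLE_GROUP_NAME));   // tag neutralised: safe
```

Escaping at render time fixes the injection itself; setting the session cookie with the HttpOnly flag would additionally stop a payload like the one above from reading document.cookie.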
Timeline:
- 20/05/2022 Report
- 22/05/2022 Sent the report again because there was no response
- 24/05/2022 Fix and Hall of Fame
- 25/05/2022 Bug Bounty + Certificate of appreciation
Thank you for reading my writeup, if there are some things you don’t understand, you can read the references below.