Audiusa Reflective XSS
#1
Website: Audiusa.com

Areas of site affected: /search

Type of XSS: Reflective

code to trigger xss: <script> alert('@XSS');</script>

Picture: http://prntscr.com/9auuzy (image tags didn't work)

Yes, I know this is old and probably a lot of people know about this, yet Audi has not fixed this issue.
#2
2 easy, why they don't fix it though lol.
#3
This is not a persistent XSS vulnerability, I'm 99% sure of it. Persistent XSS, aka stored XSS, is actually being stored by the server, displaying the content to other users. In this case the vulnerability is reflective and can be triggered by submission into /search. To send payloads to users you would probably go and copy the search parameters used and maybe use a URL shortener to send it to someone. (Source: Wikipedia.)

If you do alert("hello world") on /search, that won't be displayed for me next time I visit search. Thus this is not stored. Either way nice find, crazy how Audi really doesn't care about their security.

Edit: IMG tags work, but you need to load it with https.
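The reflected-versus-stored distinction from post #3, shown from the fixing side as an added example (not part of the thread and not the site's code). The handler, the `q` parameter name and the `example.test` host are assumptions; the unsafe renderer copies the query into the page, the safe one HTML-encodes it, and neither keeps any state between requests.

```javascript
// Added example: a hypothetical /search handler, not the real site's code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable pattern: the query string is copied into the response as markup.
function renderSearchUnsafe(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Hardened pattern: the query is encoded for the HTML context it lands in.
function renderSearchSafe(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Reflected means the response is a function of the current request only.
// Nothing is written to server-side state, so a later visit is unaffected.
// The parameter name "q" is an assumption.
function handleSearch(url, render) {
  const query = new URL(url, 'https://example.test').searchParams.get('q') ?? '';
  return render(query);
}

// Constructed sample requests: the test string from post #1, then a normal search.
const crafted = '/search?q=' + encodeURIComponent("<script> alert('@XSS');</script>");
const plain = '/search?q=a4';

function demo() {
  return {
    // Unescaped reflection: the tag reaches the page as live markup.
    unsafeReflects: handleSearch(crafted, renderSearchUnsafe).includes('<script>'),
    // Escaped reflection: the same input is shown as inert text.
    safeReflects: handleSearch(crafted, renderSearchSafe).includes('<script>'),
    // A later, ordinary request carries no trace of the earlier one (not stored).
    laterVisitAffected: handleSearch(plain, renderSearchUnsafe).includes('<script>'),
    safeOutput: handleSearch(crafted, renderSearchSafe),
  };
}

console.log(demo());
```

Output encoding has to match the context the value lands in; this encoder covers HTML text and quoted attribute values only.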
#4
(12-11-2015, 12:33 AM)Insider Wrote: This is not a persistent XSS vulnerability, I'm 99% sure of it. Persistent XSS, aka stored XSS, is actually being stored by the server, displaying the content to other users. In this case the vulnerability is reflective and can be triggered by submission into /search. To send payloads to users you would probably go and copy the search parameters used and maybe use a URL shortener to send it to someone. (Source: Wikipedia.)

If you do alert("hello world") on /search, that won't be displayed for me next time I visit search. Thus this is not stored. Either way nice find, crazy how Audi really doesn't care about their security.

Edit: IMG tags work, but you need to load it with https.

This is true, I already thought of this as well; persistent is when it's stored XSS.
#5
Where is the solver list, you left that out since it was so easy?
#6
(12-11-2015, 03:53 PM)rootaccess Wrote: Where is the solver list, you left that out since it was so easy?

I didn't think a solver list was needed for this hahaha. Is this the old root? Web app genius?
#7
(12-12-2015, 12:29 AM)XPRMX Wrote:
(12-11-2015, 03:53 PM)rootaccess Wrote: Where is the solver list, you left that out since it was so easy?

I didn't think a solver list was needed for this hahaha. Is this the old root? Web app genius?

And yea, this is the old root from hacksociety, and no, I'm not a genius lol.