Security vulnerabilities

  • Status Closed
  • Assigned To
    cbay
  • Private
Attached to Project: Security vulnerabilities
Opened by anoopsingh2807 - 04.08.2025
Last edited by cbay - 05.08.2025

FS#198 - Reflected XSS

Description
Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

Impact
It was observed that the web app was vulnerable to a reflected XSS attack due to improper input validation. An attacker can steal a user's cookies and download malware on their system, and there are many more attack scenarios a skilled attacker can perform with XSS, e.g.:
  • Cookie stealing with session hijacking
  • Malicious code injection
  • Advanced phishing page with iframe technique
  • Stored XSS to Remote Code Execution

Recommendation
To remedy XSS vulnerabilities, it is important to never use untrusted or unfiltered data within the code of an HTML page. Filtering of untrusted data typically involves converting special characters to their HTML entity encoded counterparts (however, other methods do exist, see references). These special characters include:
  • `&`
  • `<`
  • `>`
  • `'`
  • `'`
  • `/`

Steps to reproduce:
  1. Go to this URL: https://admin.alwaysdata.com/support/add/
  2. In the vulnerable parameter, the "Other participants" input field, enter `"><script>alert(document.domain)</script>`, then submit the form. After that, the XSS popup appears.

   1.png (358.4 KiB)
   2.png (376.2 KiB)
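The encoding the Recommendation describes, as an added example that is not code from the alwaysdata project or from the reporter: a single-pass HTML entity encoder for the listed characters (reading the duplicated `'` in the list as `"` and `'`, the usual OWASP set), shown beside a hypothetical unencoded rendering of the "Other participants" field so the difference is visible on the payload quoted in the reproduction steps. The field name and the template fragments are assumptions.

```python
# Added example (not the project's code): HTML entity encoding of an
# untrusted form value before it is echoed into an HTML response.
import re

# Characters named in the Recommendation, mapped to their entity forms.
HTML_ENTITIES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
    "/": "&#x2F;",
}


def html_encode(untrusted: str) -> str:
    """Return `untrusted` with HTML-special characters replaced by entities.

    A single pass over the characters guarantees that the '&' produced for
    one character is never encoded a second time.
    """
    return "".join(HTML_ENTITIES.get(ch, ch) for ch in untrusted)


def render_field(value: str) -> str:
    """Hypothetical server-side fragment that echoes the submitted
    "Other participants" value back into the page, encoded first."""
    return f'<input name="participants" value="{html_encode(value)}">'


def render_field_unsafe(value: str) -> str:
    """The same fragment without encoding: the pattern the report describes.
    The submitted value closes the attribute and the tag, and whatever
    follows is interpreted as markup."""
    return f'<input name="participants" value="{value}">'


_SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_active_markup(html: str) -> bool:
    """Crude check, used only to contrast the two renderings: does the
    rendered fragment contain a real <script> start tag?"""
    return _SCRIPT_TAG.search(html) is not None


# Constructed sample input: the payload quoted in the reproduction steps.
SAMPLE_PAYLOAD = '"><script>alert(document.domain)</script>'

if __name__ == "__main__":
    print("unencoded:", render_field_unsafe(SAMPLE_PAYLOAD))
    print("encoded:  ", render_field(SAMPLE_PAYLOAD))
```

Encoding must happen at output time, in the context the value is written into (here an attribute value), which is why the encoder is applied inside the rendering function rather than on the request parameter at input time.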
Closed by  cbay
05.08.2025 07:21
Reason for closing:  Duplicate
Additional comments about closing: https://security.alwaysdata.com/task/2
