Hello all folks _/_ Bhai Jis, Bhaiya Jis, I was quite busy with my office work etc., that's why I was unable to write some good stuff. Well, today we will talk about Heroku XSS.
Let's come to the point. First I want to tell you that while testing Heroku I was thinking that I can't find something interesting, because many researchers have already discovered many things, so the chance for a valid bug is quite low =D
==========================================================================================
One of the subdomains of Heroku was vulnerable to XSS,
like abc.heroku.com/emailpreference/a/asdahioih2h3o4iho23h4
Sorry for the long description, but I also want the people who are newbies in this area to understand this thing.
So first I tried for the reflection point. Usually I first try the endpoint of the URL - abc.heroku.com/emailpreference/a/asdahioih2h3o4iho23h4[ourreflectionpoint]
As I hoped, I got reflection in the response, so finally this is our XSS point.
First I performed a simple test of - <script>alert(1)</script>, and in response I got a 404, and I was like
Reflection is working fine if we enter some normal text, but if we inject some JS then it will simply return an error, which redirects us to a 404 page.
So first I had to solve this issue. I tried URL encoding with this JS <script>alert(1)</script> and I was able to pass that restriction of blocking our payload; the response came without any 404 error.
Here the second problem comes: the application is simply rejecting <script>, <video> and all other payloads. It looked like the application is using a blacklist of payloads, and I was like
After some analysis I found that <img src> is not listed in its blacklist functions, so my final payload was <img src=x onerror=alert(/OOpps-XSS-/)</script> with URL encoding and the output is like
My Feeling After XSS
Finally!! Game Over
Sorry that I forgot to take all of the screenshots, but here I tried to show the exact scene of the XSS.
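As an added illustration (not part of the original post and not Heroku's code), here is a small Python model of the two failures described above: a substring blacklist applied to the raw, still-URL-encoded path segment, which is why URL encoding got past it, and a list that never contained <img>, which is why the onerror payload was reflected. Beside it is the fix a defender would apply: decode first so the check sees what the browser sees, and HTML-escape on output instead of trusting a tag blacklist. The route, template and filter are constructed assumptions.

```python
import html
from typing import Optional
from urllib.parse import unquote

# Tag blacklist modelled on the behaviour the write-up describes:
# <script> and <video> were rejected, <img> was not on the list.
BLACKLISTED_TAGS = ("<script", "<video")


def blacklist_filter_accepts(raw_path_segment: str) -> bool:
    """A substring blacklist run on the raw (still URL-encoded) segment.
    True means the request is served; False means the 404 page."""
    lowered = raw_path_segment.lower()
    return not any(tag in lowered for tag in BLACKLISTED_TAGS)


def decoded_blacklist_accepts(raw_path_segment: str) -> bool:
    """Same blacklist, but run after URL-decoding (canonicalisation).
    This closes the encoding bypass yet still misses <img onerror>."""
    return blacklist_filter_accepts(unquote(raw_path_segment))


def render_vulnerable(raw_path_segment: str) -> Optional[str]:
    """Constructed page template that reflects the decoded segment without
    escaping.  Returns None when the blacklist blocks the request."""
    if not blacklist_filter_accepts(raw_path_segment):
        return None
    return f"<p>Preferences for {unquote(raw_path_segment)}</p>"


def render_hardened(raw_path_segment: str) -> str:
    """Fix: decode, then HTML-escape at the output point.  No blacklist is
    needed because every '<', '>', '&' and quote becomes inert text."""
    decoded = unquote(raw_path_segment)
    return f"<p>Preferences for {html.escape(decoded, quote=True)}</p>"


if __name__ == "__main__":
    for segment in ("<script>alert(1)</script>",
                    "%3Cscript%3Ealert(1)%3C/script%3E",
                    "<img src=x onerror=alert(1)>"):
        print(segment, "->", render_vulnerable(segment), "|", render_hardened(segment))
```

Running the block shows that the raw-path blacklist blocks only the literal <script> form, while the escaped output is the same safe text for all three inputs.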