Cross-Site Scripting Vulnerability in MyThemeShop.com
Bug Type : Cross Site Scripting (XSS)
Checked in : Firefox
OS : Windows 7
Description of Vulnerability :
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
Impact of Vulnerability :
By exploiting this vulnerability, an attacker can redirect a user to a malicious page and can even steal the user's session by injecting a malicious script.
Proof-of-concept :
https://mythemeshop.com/success/free/thanks.php?i=XYZ&pd=N&pr=alert('XSSed');&t=&u=
https://mythemeshop.com/success/free/thanks.php?i=alert('XSSed');&pd=N&pr=$0.00&t=&u=
https://mythemeshop.com/success/free/thanks.php?i=&pd=alert('XSSed');&pr=$0.00&t=&u=
Affected Areas :
1. The parameter 'pr' is vulnerable to an XSS attack.
2. The parameters 'i' and 'pd' are also vulnerable to XSS.
Steps to Reproduce :
1. First of all, I registered on your website 'www.mythemeshop.com'.
2. On the final page that says 'Hey! Thanks for Signing Up', the URL is something like this https://mythemeshop.com/success/free/thanks.php?i=XYZ&pd=All%20Free%20Themes&pr=$0.00&t=&u=
3. Then I crafted the URL to https://mythemeshop.com/success/free/thanks.php?i=XYZ&pd=N&pr=alert('XSSed');&t=&u=
4. And Bang! I got the pop up.
Timeline
*. Found : 12 April 2015
*. Reported : 14 April 2015
*. Fixed : 6 May 2015
Reward : $100 + DotMag Theme (Worth $49+)
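The report does not show how the issue was fixed. As an added example (not MyThemeShop's code), the following PHP contrasts echoing the 'i', 'pd' and 'pr' query parameters unencoded with validating and HTML-encoding them on output. The function names, validation patterns, page markup and sample values are assumptions.

```php
<?php
// Added example: hypothetical handler for a page like thanks.php.
// Parameter names i, pd, pr come from the report; everything else is assumed.

// Vulnerable pattern: query values are concatenated into HTML unmodified.
function render_vulnerable(array $q): string
{
    return '<p>Order ' . ($q['i'] ?? '') . ': ' . ($q['pd'] ?? '')
         . ' for ' . ($q['pr'] ?? '') . '</p>';
}

// HTML-encode a value for element content or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate what has a known shape, encode everything on output.
function render_hardened(array $q): string
{
    // Array-valued input (?pr[]=x) is not a string; treat it as empty.
    $get = static fn(string $k): string =>
        isset($q[$k]) && is_string($q[$k]) ? $q[$k] : '';

    // A price has a strict format, so anything else falls back to a default.
    $pr = preg_match('/\A\$\d{1,6}\.\d{2}\z/', $get('pr')) === 1 ? $get('pr') : '$0.00';
    // Identifier: assumed to be alphanumeric with a bounded length.
    $i = preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $get('i')) === 1 ? $get('i') : '';
    // Product name is free text: bound its length and rely on encoding.
    // A multibyte sequence cut by substr() is replaced by ENT_SUBSTITUTE.
    $pd = substr($get('pd'), 0, 100);

    return '<p>Order ' . h($i) . ': ' . h($pd) . ' for ' . h($pr) . '</p>';
}

// Constructed sample input: harmless markup stands in for injected script.
$sample = [
    'i'  => 'XYZ',
    'pd' => 'All Free Themes <b>markup</b>',
    'pr' => '"><i>markup</i>',
];

echo render_vulnerable($sample), PHP_EOL; // markup reaches the page as HTML
echo render_hardened($sample), PHP_EOL;   // markup is encoded; bad price replaced
```

Encoding with htmlspecialchars() as above is correct for HTML element content and quoted attributes only; values placed inside a script block, a URL or a style need the encoding for that context instead.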