Bug Hunting - Cross Site Scripting (XSS) Vulnerability Found On SteemMakers
- Repository: https://github.com/JefPatat/SteemMakers
- Project Name: https://www.steemmakers.com
- Publisher (if applicable): @steemmakers
Defending the Cross Site Scripting (XSS) Attack
SteemMakers is vulnerable to Cross Site Scripting (XSS) attacks.
How to reproduce
I checked for Cross Site Scripting (XSS) vulnerabilities on SteemMakers. One of these experiments reflected a cookie on the screen. It is not good that such an important vulnerability was present on SteemMakers.
- You can reflect the XSS cookie to the screen using the following URL:
https://www.steemmakers.com/?limit='"()<ScRiPt >alert('!!! XSS Vulnerability Found by emirfirlar !!!')</ScRiPt>
- Browser/App version: Firefox Quantum 60.0.1 (32-bit)
- Operating system: Windows 7 Professional SP1 (32-bit), Intel Core 2 Duo 2.13 GHz, 4 GB RAM
Recording Of The Bug
- You can see the XSS cookie GIFs below:
- You can see the XSS cookie in the video in detail below:
- You can see the XSS detail in the source below: