Reflected XSS at DomaiNesia



DomaiNesia is a company that provides domain name registration, web hosting, VPS, and other services. I just found a reflected XSS vulnerability on DomaiNesia's subdomain https://myid.domainesia.com.

Summary:
We are required to upload an official document when buying a special domain, such as ac.*, or.*, sch.*, etc. On the page used to upload the document, I found the reflected XSS vulnerability.

  • https://myid.domainesia.com/document/id/{uid}

When I click "+" to add some documents, a pop-up comes out that has a search field.

Then I tried entering XSS payloads:
"/onmouseover=alert(1)//

The XSS alert fired.

#HappyHacking
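
The payload above begins with a double quote, which fits a search term echoed into a double-quoted HTML attribute. The following is an added example, not DomaiNesia's code or part of the original post: assuming that kind of reflection (the field markup and function names are hypothetical), it renders the same payload without and with attribute encoding and lists the attributes a browser would see in each case.

```javascript
// Added example. Assumption: the search term is echoed into a double-quoted
// value attribute; the markup and function names are hypothetical.
const PAYLOAD = '"/onmouseover=alert(1)//'; // payload from the post

// Vulnerable pattern: the term is concatenated into the attribute as-is.
function renderUnsafe(term) {
  return `<input type="text" name="search" value="${term}">`;
}

// HTML-attribute encoding: & first, then the characters that can end the value.
function escapeAttr(s) {
  return String(s).replace(/&/g, '&amp;').replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
function renderSafe(term) {
  return `<input type="text" name="search" value="${escapeAttr(term)}">`;
}

// Minimal tokenizer for one start tag, approximating how browsers treat quoted
// and unquoted values and a stray "/". For inspection only, not an HTML parser.
function attributesOf(tag) {
  const attrs = Object.create(null);
  const n = tag.length;
  let i = tag.indexOf(' ');
  while (i >= 0 && i < n) {
    while (i < n && /[\s\/]/.test(tag[i])) i++;       // whitespace, stray "/"
    if (i >= n || tag[i] === '>') break;
    let name = '', value = '';
    while (i < n && !/[\s\/=>]/.test(tag[i])) name += tag[i++];
    while (i < n && /\s/.test(tag[i])) i++;
    if (tag[i] === '=') {
      i++;
      while (i < n && /\s/.test(tag[i])) i++;
      if (tag[i] === '"' || tag[i] === "'") {
        const quote = tag[i++];
        while (i < n && tag[i] !== quote) value += tag[i++];
        i++;                                          // closing quote
      } else {
        while (i < n && !/[\s>]/.test(tag[i])) value += tag[i++];
      }
    }
    const key = name.toLowerCase();
    if (!(key in attrs)) attrs[key] = value;          // first occurrence wins
  }
  return attrs;
}

console.log(attributesOf(renderUnsafe(PAYLOAD))); // gains an onmouseover attribute
console.log(attributesOf(renderSafe(PAYLOAD)));   // type, name, value only
```

In the unsafe output the leading quote closes value early and the rest of the term becomes a separate onmouseover attribute; with the quote encoded, the whole term stays inside value.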
