Reflected XSS at DomaiNesia

Learn System Security - Reflected XSS at DomaiNesia ~

DomaiNesia is a company that serves domain name registration, Web Hosting, VPS, and others. I just found Reflected XSS Vulnerability at DomaiNesia's subdomain

We required to upload an official document if buy a special domain, like ac.*/or.*/sch.*/etc. On the page used to upload the document, I found the Reflected XSS Vulnerability.


When I click "+" to add some documents, a pop-up comes out that has a search field.

Then I tried to put XSS Payloads.

Alert XSS fire up.