LFI to RCE via access_log injection

Cookie-Based Cross-Site Scripting (XSS)


This vulnerability counts as medium risk. All you need is install Cookies Manager+ addon in firefox or any other addon/plugin that use to manipulate cookie.

Browse the page as usual.


Open Cookies Manager+ and search for vulnerable cookie parameter, in this case is C_UL parameter. Double click on it and change the content with XSS payload and Save it.





Back to the browser, refresh the page and you will see the pop-up.



Thats it! This kind of vulnerability worth 50-100 usd in bug bounty program. Happy hunting! :)

Comments

Gaurav said…
Effective Studying Habits
How to improve Childs Reading and writing Skills
India's Best CBSE, ICSE, State Boards School Syllabus mapped E Learning App for K-12 Students. This Learning App covers learning courses from Kindergarten to Class 12th which makes Concept Learning Effective and Easy Learning Experience.
Max Roy said…
I get more information about Cookie-Based Cross-Site Scripting from your blog. Keep writing more blogs on tech. Now it's time to avail Average Home Insurance Rates in Texas by City for more information
Riley Smith said…
This post providing information about Cookie-Based Cross-Site Scripting (XSS) is highly informative and important. Thank you for sharing this valuable information and raising awareness about the potential risks associated with cookie-based XSS. Read more about Professional Door Installation Services in Morganville for more information.
Sandy Stefan said…
Understanding the risks of Cookie-Based Cross-Site Scripting (XSS) is vital for user data and protecting web applications. Keep sharing more updates with us. Now read more about preston to manchester airport taxi for more information.