Open URL Redirection and XSS in Dato Capital


This post is published by Ahsan Tahir as a contributor on Bug Bounty POC. Note that the post is written by Ahsan Tahir, and any mistakes in the writing are his alone. We allow anyone to write content on our blog as a guest/contributor so others can also learn. If you're interested in sharing your findings through the Bug Bounty POC platform, just sign up on the blog and you can post freely.

Hello Bug Bounty POC viewers, this is Ahsan Tahir, and this is my second write-up on Bug Bounty POC. This time I've found Open URL Redirection & XSS in Dato Capital.

Let’s quickly get onto the topic!

So, the two bugs were the following:

  1. Open URL Redirection
  2. Cross Site Scripting

Open URL Redirection:

First, I'll write about the Open URL Redirection which I've found in Dato Capital.
The vulnerable page was /isn/Login and the vulnerable parameter was u=
The final URL was https://en.datocapital.com/isn/Login?u=[Evil Site Here]
After the victim logs in to his/her account, he/she will be redirected to the attacker's site.

STEPS TO REPRODUCE:

  • Go to this URL: https://en.datocapital.com/isn/Login?u=https%3A%2F%2Fwww.google.com.pk%2F
  • Log in to your account
  • You will be redirected to Google.com.pk
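
A server-side check for the u parameter described above, as an added example (not code from the original post or from Dato Capital). It assumes u arrives already percent-decoded by the web framework; the function name, the default landing page and the sample paths in the usage are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "en.datocapital.com"   # host taken from the URL in the write-up
DEFAULT_TARGET = "/"                  # assumed landing page after login


def safe_redirect_target(u, trusted_host=TRUSTED_HOST, default=DEFAULT_TARGET):
    """Return a same-site path for the post-login redirect, or the default."""
    if not u:
        return default
    u = u.strip()
    # Browsers drop tab/CR/LF inside URLs, so control characters can hide "//".
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in u):
        return default
    try:
        # Browsers treat "\" like "/", so "/\host" must be parsed as "//host".
        parts = urlsplit(u.replace("\\", "/"))
        host = parts.hostname
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: accept only https to the trusted host.
        if parts.scheme != "https" or host != trusted_host or has_userinfo:
            return default
    path = parts.path or "/"
    # Only a single-slash rooted path is a safe Location value.
    if not path.startswith("/") or path.startswith("//"):
        return default
    # Rebuild the target from parsed parts; never echo the raw parameter back.
    return path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed sample values for the u parameter.
    for value in ["https://www.google.com.pk/", "//evil.example/x",
                  "/\\evil.example", "/account/invoices?page=2"]:
        print(repr(value), "->", safe_redirect_target(value))
```

The redirect is built from the parsed path and query only, so a value that parses differently in the browser than on the server never reaches the Location header unchanged.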

Cross Site Scripting (XSS):

Now, I am going to write about the stored cross-site scripting bug which I've found in Dato Capital. The vulnerable areas were [Name, VAT#, ADDRESS] and the type of XSS was stored, so the site was defaceable, and whenever the user visits, a pop-up will occur each time.

STEPS TO REPRODUCE:

  • Login to account
  • Go to menu
  • Click on Edit profile
  • Check the box for generate invoices
  • In all fields, enter this payload: "><img src="x" onerror=prompt(document.domain)>
  • Click on Edit profile again, and the XSS will pop up!
