BugCrowd Bug Bounty Disclosure: – Stored-xss is working – By agnihackers123

The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct at the time of posting.

Program


Program Information

indeed

Details


Additional Information

  • Priority:

Hello @Indeed, I found a stored cross-site scripting issue on the activity which allows an attacker to steal admin account cookies. Users can execute JavaScript code in the context of other users. This is critical when targeted users have high privileges. Attackers are then able to grant themselves administrator privileges and even take over the ownership of the New Relic account.

The hacker selected the Cross-site Scripting (XSS) – Stored weakness. This vulnerability type requires contextual information from the hacker. They provided the following answers:

1) Open the URL: [site]
2) Then type the company name “hello”.
3) Then change “hello” so that JavaScript is entered.
4) Click the Next button.
5) Then the popup message is shown.
6) On the next page, refresh the page; the cookie is working and the popup message is shown.
7) This is stored XSS.

This vuln is stored XSS. The attacker's targeted users have high privileges. The hacker selected the Cross-site Scripting (XSS) – Stored weakness. Even an attacker can easily get the cookie. Thanks.

Submitted By


Submitter Information

  • Hacker Points: 98
  • Hacker Accuracy: 85.6%
  • Hacker Rank: 2123rd

agnihackers123

