Sunday, 5 October 2014

Heroku XSS

Hello all folks _/_  Bhai Jis , Bhaiya Jis, i was quite busy in my office work and etc , thats why i was unable to write some good stuffs

Well , Today we will talk about Heroku XSS ,

Lets come to the point , First i want to tell you that  , while testing Heroku i was thinking that i cant find something interesting , because many researchers have already discovered many things , So The Chance For A Valid Bug Is Quite Low =D

==========================================================================================



One of the sub domain of Heroku was vulnerable to XSS

Like abc.heroku.com/emailpreference/a/asdahioih2h3o4iho23h4

Sorry for the long description , But i also want that the person who are newby in this area can understand this thing

So first i was try for the reflection point , So usually first i tried endpoint of the url - abc.heroku.com/emailpreference/a/asdahioih2h3o4iho23h4[ourreflectionpoint]

As i hope i got reflection in response , So finally this is our xss point ,

First i perform simple test of - <script>alert(1)</script> , And in response i got 404 , And I was like






Reflection is working fine if we enter some normal text , But if we inject some js then it will simple return an error , which redirect us to 404 page

So first i have to solve this issue , I try URL encoding with this js <script>alert(1)</script> and  i was able to pass that restriction of blocking our payload , response came without any 404 error

Here is the second problem comes , The application is simply rejecting <script> <video> and all other payload , It was look like that application is using Blacklist payloads , And i was like


After some analysis i found that <img src > is not listed in his blacklist functions , So my final payload with <img src=x onerror=alert(/OOpps-XSS-/)</script> with URL encoding and the output is like




 My Feeling After XSS




Finally !! Game Over





Sorry that i was forget to take all of the screen shot , But i here i tried to show the exact scene of xss

No comments:

Post a Comment

Featured post

Yandex IMAP Brute Forcing(No Rate Limit For Login Attempts)

Hello Guyzssss, I am not in bug bounty so much, But while using one of the yandex service, I found that there was no Rate Limit Deploye...

Popular Posts