Hey guys, how are you doing? I hope you're well!
Today, I am going to share the PoC of two vulnerabilities which I've found in Dato Capital.
The two bugs were the following:
- Open URL Redirection
- Cross Site Scripting
Open URL Redirection:
First, I'll write about the Open URL Redirection, which I've found in Dato Capital.
The vulnerable page was /isn/Login and the vulnerable parameter was u=
The final URL was https://en.datocapital.com/isn/Login?u=[Evil Site Here]
After the victim logs in to his/her account, he/she will be redirected to the attacker's site.
STEPS TO REPRODUCE:
- Go to this URL: https://en.datocapital.com/isn/Login?u=https%3A%2F%2Fwww.google.com.pk%2F
- Log in to your account
- You will be redirected to Google.com.pk
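A server-side check that would close this redirect, as an added example that is not Dato Capital's code or part of the original report. It assumes the login handler only ever needs to send users back to pages on the same site; the names safe_redirect_target, target_from_login_url and DEFAULT_TARGET are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: after login, users only ever return to pages on the same site.
DEFAULT_TARGET = "/"  # hypothetical landing page used when u= is rejected


def safe_redirect_target(u, default=DEFAULT_TARGET):
    """Return u only if it is a rooted, same-site relative path."""
    if not u:
        return default
    # Browsers treat "\" like "/" and drop tabs/newlines, so refuse them outright.
    if "\\" in u or any(ord(ch) < 0x20 for ch in u):
        return default
    try:
        parts = urlsplit(u)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return default
    # A scheme or a host means an absolute or scheme-relative URL.
    if parts.scheme or parts.netloc:
        return default
    # Accept "/path" only; "//host" and bare "path" fall back to the default.
    if not u.startswith("/") or u.startswith("//"):
        return default
    return u


def target_from_login_url(url):
    """Extract the u= parameter from a login URL and validate it."""
    values = parse_qs(urlsplit(url).query).get("u", [""])
    return safe_redirect_target(values[0])


if __name__ == "__main__":
    # The URL from the report, plus constructed inputs for the edge cases.
    samples = [
        "https://en.datocapital.com/isn/Login?u=https%3A%2F%2Fwww.google.com.pk%2F",
        "https://en.datocapital.com/isn/Login?u=%2Fprofile",      # constructed
        "https://en.datocapital.com/isn/Login?u=%2F%2Fexample.org",  # constructed
    ]
    for s in samples:
        print(s, "->", target_from_login_url(s))
```

An allow-list of exact external hosts can replace the scheme/host rejection if off-site return URLs are genuinely required.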
Cross Site Scripting (XSS):
Now, I am going to write about the stored cross site scripting bug which I've found in Dato Capital. The vulnerable fields were [Name, VAT#, ADDRESS] and the type of XSS was stored, so the site was defaceable, and the pop-up will occur every time the user visits.
STEPS TO REPRODUCE:
- Login to account
- Go to menu
- Click on Edit profile
- Check mark on generate invoices
- In all fields, enter this payload: "><img src="x" onerror=prompt(document.domain)>
- Click on Edit profile again, and the XSS will pop up!
And for reporting these two issues, Dato Capital listed my name in their Hall of Fame, and wrote "2 contributions" as you can see in the screenshot:
Thanks for reading.
3 comments
Excellent work bro great time ahead!
I have been hacked by someone from Germany IP. He has stolen all of our million digital coins (Ripple, Doge, Digibyte and Reddcoin) worth approx. $4000.
We can have a 50% deal on this with you. Can you help us?