Hey guys, how are you doing? I hope you're well!
Today, I am going to share the PoC of two vulnerabilities which I've found in Dato Capital.
So, the two bugs were the following:
- Open URL Redirection
- Cross Site Scripting
Open URL Redirection:
First, I'll write about the Open URL Redirection, which I've found in Dato Capital.
The vulnerable page was /isn/Login and the vulnerable parameter was u=
The final URL was https://en.datocapital.com/isn/Login?u=[Evil Site Here]
After the victim logs in to his/her account, he/she will be redirected to the attacker's site.
STEPS TO REPRODUCE:
- Go to this URL: https://en.datocapital.com/isn/Login?u=https%3A%2F%2Fwww.google.com.pk%2F
- Log in to your account
- You will be redirected to Google.com.pk
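On the defensive side, the fix for this class of bug is to validate the u= value on the server before redirecting. The following is an added example, not code from this post or from Dato Capital; the function names, the fallback path and the sample paths are assumptions.

```javascript
// Added example: validate a post-login redirect target such as the u= parameter.
// Function names, fallback path and sample paths are hypothetical.
const SITE_ORIGIN = "https://en.datocapital.com"; // origin of the login URL in the post
const DEFAULT_TARGET = "/";                       // assumed safe fallback

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return DEFAULT_TARGET;
  }
  // Reject whitespace and control characters: browsers strip tab/newline
  // from URLs, so "/<TAB>/host" would otherwise collapse to "//host".
  if (/[\u0000-\u0020\u007f]/.test(raw)) return DEFAULT_TARGET;
  // Accept only path-absolute references: one "/" not followed by "/" or "\".
  // This excludes absolute URLs, scheme-relative "//host" and "/\host".
  if (!/^\/(?![\/\\])/.test(raw)) return DEFAULT_TARGET;
  let resolved;
  try {
    // Resolve the way a browser would, then confirm the origin is unchanged.
    resolved = new URL(raw, SITE_ORIGIN);
  } catch {
    return DEFAULT_TARGET;
  }
  if (resolved.origin !== SITE_ORIGIN) return DEFAULT_TARGET;
  // Re-emit only the path, query and fragment; never echo a host back.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Extract u= from the login URL and return where the user should be sent.
function redirectAfterLogin(loginUrl) {
  const u = new URL(loginUrl).searchParams.get("u"); // already percent-decoded
  return safeRedirectTarget(u);
}

// Constructed sample inputs; the first is the URL from the steps above.
const samples = [
  "https://en.datocapital.com/isn/Login?u=https%3A%2F%2Fwww.google.com.pk%2F",
  "https://en.datocapital.com/isn/Login?u=%2Faccount%2Fprofile",
  "https://en.datocapital.com/isn/Login?u=%2F%2Fexample.org",
  "https://en.datocapital.com/isn/Login",
];
for (const s of samples) {
  console.log(s, "->", redirectAfterLogin(s));
}
```

Only same-site paths survive; everything else falls back to the default page instead of being redirected.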
Cross Site Scripting (XSS):
Now, I am going to write about the stored cross-site scripting bug which I've found in Dato Capital. The vulnerable areas were [Name, VAT#, ADDRESS] and the type of XSS was stored, so the site was defaceable, and whenever the user visits, a pop-up will occur each time.
STEPS TO REPRODUCE:
- Login to account
- Go to menu
- Click on Edit profile
- Check mark on generate invoices
- In all fields, enter this payload: "><img src="x" onerror=prompt(document.domain)>
- Click on Edit profile again, and the XSS will pop up!
And for reporting these two issues, Dato Capital listed my name in their Hall of Fame, and wrote "2 contributions" as you can see in the screenshot:
Thanks for reading.