Blind XSS Vulnerability Report...!🛡️

Hey everyone! 👋

I recently discovered a Blind XSS vulnerability in a private application. For the sake of this post, let’s call the target mnop.com. 🔍

Vulnerability Description

A Blind Cross-Site Scripting (Blind XSS) vulnerability was identified in the feedback form of the application. The application fails to properly sanitize user inputs, allowing an attacker to inject malicious JavaScript. This script executes when privileged users, such as administrators, interact with the stored input in their dashboard.

Target Application Details

URL: https://mnop.com/platform/feedback/prio?id=138046&overlay-task-popup=1
Affected Component: Feedback Form

Proof of Concept (PoC)

Step 1: Payload Injection

The following payload was crafted to execute JavaScript upon interaction by an admin:


"><input onfocus=eval(atob(this.id)) id=Y291bGllU3RlYWxUaGlzCg==>

This payload, when injected into the feedback form, decodes a script on interaction and executes it in the admin’s browser.

Injection Process:

Access the vulnerable endpoint:
https://mnop.com/platform/feedback/prio?id=138046
Submit the feedback form with the payload:
- Parameter: Feedback Content
- Payload:
```
"><input onfocus=eval(atob(this.id)) id=Y291bGllU3RlYWxUaGlzCg==>  
```

Step 2: Payload Execution

Trigger Point: The payload executes when the admin interacts with the feedback field in their dashboard.

Captured Details:

Cookies:

XSRF-TOKEN=LbpJL36E7ZTV5qFxdPMtozXZ4tFALLsgW3knPvzK  
session_id=66a79449-b180-4d99-89ce-38a48f8f23c1

Browser Information:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko)  
Version/16.6.1 Safari/605.1.15

Victim IP Address:
86.160.115.* (partially hidden for security reasons 🛡️)

Impact 🚨

This vulnerability allows attackers to:

Steal sensitive information such as session cookies or personal data.
Execute unauthorized actions on behalf of the admin.
Escalate privileges or compromise backend systems.

Key Takeaway: 📝

Blind XSS vulnerabilities pose a significant threat, especially when user inputs are not properly sanitized. Tools like BXSS dashboards and Burp Collaborator can help in detecting and exploiting these weaknesses. Always secure your web applications with proper input validation, output encoding, and Content Security Policies (CSP) to prevent such attacks. 🔒

Feeling confused? 😕🫤
Don’t worry, I’ve got you! 🙌 Feel free to drop a comment below or shoot me a DM on LinkedIn if you need further clarification. I’m happy to help. 💬 Let’s keep the web safe together! 🌐✨

Bug Found