Bug Bounty Alibaba : Self (XSS) Vulnerability – Digitalmunition

Published on April 19th, 2019 | 6794 Views



Report & Participant : Andri Wahyudi

Website : http://alibaba.com/
Status : Patched
Type : Self (XSS)

The attacker can access the victim’s cookies associated with the website using document.domain, send them to his own server, and use them to hijack the session of the target user. An attacker can also register a keyboard event listener using addEventListener and then send all of the user’s keystrokes to his own server, potentially recording sensitive information such as passwords and credit card numbers.

Contact : [email protected]
04/03/2019 ~ Report Vulnerability
16/03/2019 ~ Bug Valid.
16/03/2019 ~ ( Out Of Scope )

2019-04-19 19:37:16

