Apr 7, 2018

Reflected XSS on www.zomato.com By Mustafa Hasan


Reference 

Bounty : 100$ 
It was not a fair payout for an XSS on the main domain of zomato.com.

The issue exists because the \ character supplied as the state parameter value is reflected into the page without being properly escaped, so we can use it to escape the " and then inject our own JS code that executes on the page.

https://www.zomato.com/googleOAuth2Callback?)%7D(alert)(location);%7B%3C!--&state=\
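The escaping flaw described above, shown next to a hardened encoder. This is an added example, not code from the original report or from Zomato: the inline-script template, the function names and the inert CANARY_1 value are assumptions made for illustration.

```javascript
// Added illustration; the inline-script template below is an assumed shape,
// not Zomato's actual page source.

// Flawed encoder: escapes the quote but leaves "\" untouched.
function naiveEscape(s) {
  return String(s).replace(/"/g, '\\"');
}

// Hardened encoder for a JS string literal inside an HTML <script> block:
// backslash is escaped too, and quotes, HTML-significant characters and
// line terminators are emitted as \uXXXX.
function safeEscape(s) {
  return String(s).replace(/[\\"'<>&\u2028\u2029\r\n]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Assumed template: two request values reflected into one inline script.
function render(escape, state, other) {
  return `var cfg = {"state": "${escape(state)}", "other": "${escape(other)}"};`;
}

// Walk the generated script and report whether `marker` starts outside a
// double-quoted string literal, i.e. whether it would be parsed as code.
function landsOutsideString(js, marker) {
  const target = js.indexOf(marker);
  let inString = false;
  for (let i = 0; i < target; i++) {
    if (inString && js[i] === '\\') { i++; continue; } // skip escaped char
    if (js[i] === '"') inString = !inString;
  }
  return target !== -1 && !inString;
}

const STATE = '\\';        // the single backslash from the report's state value
const CANARY = 'CANARY_1'; // constructed, inert stand-in for the other value

function demo() {
  return {
    naive: landsOutsideString(render(naiveEscape, STATE, CANARY), CANARY),
    safe: landsOutsideString(render(safeEscape, STATE, CANARY), CANARY),
  };
}
console.log(demo());
```

With the flawed encoder the backslash swallows the closing quote, so the next reflected value is parsed as code; with the hardened encoder both values stay inside their string literals and round-trip unchanged.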








Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student
