http://social.barracks.army/profile.php
Others
I would like to report a critical security vulnerability discovered in the Profile URL section of your web application. This issue allows an attacker to execute a stored cross-site scripting (XSS) attack and exploit Cross-Site Request Forgery (CSRF) to achieve full account takeover, putting user data and system security at risk.
Full Account Takeover
- Log in to http://social.barracks.army/
- Go to edit profile and enter the following payload in the profile URL section: "></img><script>alert(document.cookie)</script>
- Intercept the request in Burp Suite -> right click on it -> "Engagement Tools" -> Generate CSRF PoC
- Save that file as ANYNAME.html and host it on any website.
Now when the victim opens this file and clicks submit (or we can create the PoC with auto-submit too), the victim's profile URL field will be updated with our XSS payload and the attacker will receive the victim's cookie (via webhook).
(Remote JavaScript Execution)
Input Validation and Sanitization: validate the profile URL as an absolute http(s) URL and encode it on output, so a value such as "></img><script>…</script> can neither break out of the attribute nor be stored.
CSRF Protection: require an unpredictable per-session anti-CSRF token on the edit-profile request and reject requests that lack a matching token.
Content Security Policy (CSP): deploy a CSP that disallows inline scripts, so an injected <script> block does not execute even if it reaches the page.
Regular Security Testing: test user-controlled profile fields for XSS and state-changing requests for CSRF on a recurring basis.
Security Awareness Training: train developers on output encoding and anti-CSRF patterns.
9.3
Null_traiger