Reflected (Non-Persistent) XSS on CIMB Bank

Assalamualaikum warahmatullahi wabarakatuh,

From my old story

Exploiter Codename : KindoL
Victim : https://www.cimbbank.*

Hacking Technique : XSS Vulnerability

Here I want to report a gap on your website, namely https://www.cimbbank.*

XSS payload references:

- https://www.owasp.org/index.php/Cross-site_Scripting_XSS
- https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt

The first thing I do is test the livelihood column with an XSS payload in the form of

And indeed, I found an XSS vulnerability on the website.

The XSS bug is a bug that should be of particular concern to website developers, because this bug allows attackers / hackers to steal cookies. And that is very dangerous.

Reference, IMPORTANT please read! : https://logsmylife.wordpress.com/2009/05/14/xplodecms-cross-site-scripting-xss-injection/

Thank you for your attention

Wasalamualaikum warahmatullahi wabarakatuh

- Reported on 27/7/2019
- Fixed, with no notification
- Asked a question on 21/02/2020
- Bug confirmed fixed on 24/02/2020
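
The report above warns that a reflected XSS in a form field exposes cookies to theft. As an added example (not code from the original post or from the affected site), this Python code contrasts a handler that reflects a form value verbatim with one that HTML-encodes it, and builds a session cookie that page scripts cannot read. The field name `livelihood`, the template, the cookie name and the sample value are all constructed assumptions.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a form value containing markup characters (harmless tags).
SAMPLE_INPUT = '"><b>teacher</b>'

# Hypothetical template: the submitted value is echoed back into the form.
FORM_TEMPLATE = '<input name="livelihood" value="{value}">'


def render_unsafe(value: str) -> str:
    """Vulnerable pattern: the request value is reflected into HTML verbatim."""
    return FORM_TEMPLATE.format(value=value)


def render_safe(value: str) -> str:
    """Hardened pattern: HTML-encode the value for an attribute context."""
    # quote=True also encodes " and ', so the value cannot close the attribute.
    return FORM_TEMPLATE.format(value=html.escape(value, quote=True))


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value that limits what a script injection can reach."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True      # not exposed to document.cookie
    cookie["session"]["secure"] = True        # sent over HTTPS only
    cookie["session"]["samesite"] = "Strict"  # not sent on cross-site requests
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def reflects_markup(rendered: str, value: str) -> bool:
    """Regression check: True if a value with markup survives unencoded."""
    return any(c in value for c in '<>"') and value in rendered


if __name__ == "__main__":
    print(render_unsafe(SAMPLE_INPUT))   # value breaks out of the attribute
    print(render_safe(SAMPLE_INPUT))     # value stays inert text
    print(session_cookie_header("constructed-session-id"))
```

Output encoding removes the injection itself; the `HttpOnly` flag only limits the damage if an injection is missed elsewhere, so both belong in the fix.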

Bagus Lindu Pamungkas

Hello, I am a student who loves a lot about IT security, UI design and programming. I enjoy learning many things and always will. "Not great but well trained"