Reflected (Non-Persistent) XSS on CIMB Bank
Assalamualaikum warahmatullahi wabarakatuh,
From an old story of mine
Exploiter Codename : KindoL
Victim : https://www.cimbbank.*
Hacking Technique : XSS Vulnerability
Here I want to submit a gap on your website, namely https://www.cimbbank.*
XSS payload references:
https://www.owasp.org/index.php/Cross-site_Scripting_XSS
https://github.com/Pgaijin66/XSS-Payloads/blob/master/payload.txt
The first thing I did was test the livelihood column with an XSS payload in the form of
And sure enough, I found an XSS vulnerability on the website.
An XSS bug should be of particular concern to website developers because it allows attackers / hackers to steal cookies. And that is very dangerous.
Reference (IMPORTANT, please read!): https://logsmylife.wordpress.com/2009/05/14/xplodecms-cross-site-scripting-xss-injection/
Thank you for your attention
Wasalamualaikum warahmatullahi wabarakatuh
- Reported on 27/7/2019
- Fixed, with no notification
- Asked a question on 21/02/2020
- Bug confirmed fixed on 24/02/2020