POC: Cross Site Scripting (XSS) in Hackpad (by Dropbox)

Hi!
This is the first POC of mine for this blog. I will be sharing the Cross Site Scripting (aka XSS) vulnerability which I found in Hackpad (by Dropbox).

So, XSS in Hackpad

It was Feb 2, 2015. I saw the Dropbox program on Hackerone.com and tried to hunt Dropbox for bugs, but I wasn't lucky. So I thought, why not go for acquisitions? I searched Google for Dropbox acquisitions and Hackpad was the most recent one.

So, what was next? I created an account and started testing it. I think it was my lucky day. I put a simple vector in the search bar (<ScRiPt>prompt(document.domain)</ScRipt>) and it got executed. I was surprised by it. The search bar!!! And it's vulnerable.
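To show why a mixed-case vector like the one above gets through, here is an added example in JavaScript. It is not Hackpad's or Dropbox's code; the search-results markup and the blocklist are constructed for illustration, and only the vector itself comes from the post. The point for a defender: a filter that knows one spelling of a tag is bypassed by changing case, while HTML-encoding the reflected query at the point of output neutralises the tag however it is spelled.

```javascript
// Added example (constructed; not Hackpad's or Dropbox's code). The vector
// is the one from the post; the page layout and the blocklist are assumed.
const PAYLOAD = '<ScRiPt>prompt(document.domain)</ScRipt>';

// Vulnerable pattern: the search term is concatenated straight into HTML,
// so any tag in the query becomes part of the page.
function renderSearchUnsafe(query) {
  return `<h2>Results for: ${query}</h2>`;
}

// A filter that only knows the lowercase spelling. Returns true when it
// "would block" the input; mixed case walks past it unchanged.
function caseSensitiveBlocklist(query) {
  return query.includes('<script>');
}

// Hardened pattern: encode every character that carries meaning in HTML
// text or attribute context before the value reaches the markup.
function escapeHtml(s) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;',
    '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
  };
  return String(s).replace(/[&<>"'/]/g, (c) => map[c]);
}

function renderSearchSafe(query) {
  return `<h2>Results for: ${escapeHtml(query)}</h2>`;
}

// Detection side: a case-insensitive check on inbound search parameters,
// useful for logging and alerting, not as a substitute for output encoding.
function looksLikeScriptInjection(query) {
  return /<\s*script\b/i.test(query);
}

// Stand-alone demonstration of the three behaviours above.
function demo() {
  console.log('unsafe  :', renderSearchUnsafe(PAYLOAD));
  console.log('blocked :', caseSensitiveBlocklist(PAYLOAD)); // false
  console.log('flagged :', looksLikeScriptInjection(PAYLOAD)); // true
  console.log('safe    :', renderSearchSafe(PAYLOAD));
}
demo();
```

Output encoding is context-specific: the escaping above is for HTML text and attribute values; a value placed inside a JavaScript string, a URL or a CSS rule needs the encoder for that context instead.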

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhYajhfvKyx-2FI2Ru6xcoK9vPs7M6CM_-WWEHTbstzCBlSzpSkHxtza1pvbM6h-Q-s_O6Ad6p8wwjdZhljSmCpSzQ31KxydhHuPdUB2fqzePlbHZM3QMcvYelgHJgWV6PRNMCzNYiw5w8/s1600/hackpad2.png

So I reported it to Dropbox; the bug was accepted and after 40 days it was fixed.


There was no bounty for it, as it was not included in the bounty program, but as a reward I got:

HALL OF FAME:

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg4ckMlQgKHyp8z1s757KRsWD8qzvm72mUxK74WIzX08s4F7xVoBqtt_IdlBxYdqGk2y92W0nRysdmJoC1zVBb78irOFBPu4JYAITImjwD5dlZnLZOKCsk6_LWmd95fG0s_JYfyd60hwX4/s1600/11073961_1089173587776011_1414120928944766462_n.jpg


TIMELINE:
~REPORTED ON: 15th FEB, 2015
~FIXED ON: 25th MARCH, 2015


REWARD:
~DROPBOX SWAG
~1TB DROPBOX STORAGE

