Expected behavior
When clicking on links referring to steempayout.com, I don't expect any XSS vulnerabilities.
Actual behavior
There is the possibility to inject JavaScript into the site, and this means I can do whatever I want with the users clicking that link...
How to reproduce
Navigate to http://www.steempayout.com
Enter the username whose payout you want to check.
Change the value of the username parameter in the resulting URL to a script payload; it is reflected into the page unencoded.
Example:
http://www.steempayout.com/?username=snackaholic
to
https://steempayout.com/?username=%3Cscript%3Ealert(%22hallo%22)%3C/script%3E
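The following is an added illustration of the reflected XSS pattern the report describes; it is not steempayout.com's own code, and the way the site actually reads and renders the parameter is a hypothetical reconstruction. It takes the exact URLs quoted above, shows how concatenating the raw username into markup lets the script element through, and puts two hardened variants beside it: HTML-encoding the value, and validating it against a (simplified, assumed) Steem account-name pattern before use.

```javascript
// Added example, not code from steempayout.com. The vulnerable render function
// is a hypothetical reconstruction of the behaviour the report describes.

// Constructed sample inputs: the two URLs quoted in the report.
const BENIGN_URL = "http://www.steempayout.com/?username=snackaholic";
const REPORT_URL =
  "https://steempayout.com/?username=%3Cscript%3Ealert(%22hallo%22)%3C/script%3E";

// Read ?username= the way a client-side script would (URL is a global in Node
// and browsers). searchParams.get() percent-decodes, so %3C becomes "<".
function getUsername(url) {
  return new URL(url).searchParams.get("username") || "";
}

// Vulnerable pattern (assumed): the raw parameter is concatenated into HTML, so
// a <script> element lands in the DOM whenever this string reaches innerHTML
// or document.write().
function renderVulnerable(url) {
  return `<h1>Payout for ${getUsername(url)}</h1>`;
}

// Encode the five characters that matter in HTML text and attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened variant 1: output-encode before concatenating. The payload is still
// displayed, but as text, not as markup.
function renderEscaped(url) {
  return `<h1>Payout for ${escapeHtml(getUsername(url))}</h1>`;
}

// Hardened variant 2: input validation. Assumed, simplified Steem account-name
// rule: 3 to 16 characters from lowercase letters, digits, dots and hyphens.
// Anything containing markup characters cannot pass this allowlist.
const STEEM_NAME = /^[a-z0-9.-]{3,16}$/;

function isValidUsername(name) {
  return STEEM_NAME.test(name);
}

function renderValidated(url) {
  const name = getUsername(url);
  if (!isValidUsername(name)) {
    return "<h1>Invalid username</h1>";
  }
  // Safe only because the allowlist above excludes every character that could
  // change the HTML context; encoding at output is still the more robust default.
  return `<h1>Payout for ${name}</h1>`;
}

// Stand-alone demonstration.
console.log("vulnerable:", renderVulnerable(REPORT_URL));
console.log("escaped:   ", renderEscaped(REPORT_URL));
console.log("validated: ", renderValidated(REPORT_URL));
console.log("benign:    ", renderValidated(BENIGN_URL));
```

Running the block prints the vulnerable output with a live `<script>` element, the encoded output with `&lt;script&gt;`, and the validated output rejecting the payload while still accepting `snackaholic`. Browser-side filters such as the Chrome XSS Auditor shown in the screenshots below are not a fix: the reflection itself has to be encoded or rejected on the site.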
Browser: Google Chrome Version 65.0.3325.181
Operating system: Windows 10
Recording Of The Bug
Screenshot of Google Chrome protecting the user:
Screenshot of the malicious code that got injected to the site:
Posted on Utopian.io - Rewarding Open Source Contributors