https://www.24hours.pk – XSS Vulnerability



24hours.pk Online Shopping in Pakistan

 

Website : https://www.24hours.pk

Bug : Reflected XSS (cross-site scripting)

Submitted By : Haq Khokhar (https://twitter.com/Abdulhaqkhokhar)

Location/URL : https://www.24hours.pk/deals/search

Vulnerable Field : Search bar

Steps to Reproduce :
1) Go to https://www.24hours.pk and select any city (e.g. https://www.24hours.pk/Karachi).
2) The page shows a search bar; paste the XSS vector payload into it and hit Enter.
3) After hitting Enter, an XSS popup window appears.
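
The fix for a search field that reflects its input is to encode the term on output. The following is an added example, not code from the original report or from the site: the function names, the `q` parameter and the sample input are assumptions made for illustration, showing the reflecting renderer beside a hardened one.

```javascript
// Added example: a search-results renderer that echoes the query back to the page.
// All names here (renderSearchUnsafe, renderSearchSafe, the "q" field) are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context
// (element content and quoted attribute values).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// BEFORE: the query is concatenated straight into markup, so any markup in the
// search term is parsed by the browser as part of the page (reflected XSS).
function renderSearchUnsafe(q) {
  return `<input name="q" value="${q}"><p>Results for ${q}</p>`;
}

// AFTER: bound the length, then encode at the point of output, in both the
// attribute context (value="...") and the element-content context.
function renderSearchSafe(q) {
  const term = String(q ?? '').slice(0, 100);
  const safe = escapeHtml(term);
  return `<input name="q" value="${safe}"><p>Results for ${safe}</p>`;
}

// Defence in depth: response headers that stop inline script from running
// even if an encoding step is missed somewhere else on the page.
function securityHeaders() {
  return {
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample input, used only to show the difference in output.
const sample = '"><script>alert(1)</script>';
console.log(renderSearchUnsafe(sample)); // markup survives intact
console.log(renderSearchSafe(sample));   // markup is rendered as inert text
console.log(securityHeaders());
```

The encoding covers HTML element and quoted-attribute contexts only; a search term written into a JavaScript string, a URL or a style block needs the encoder for that context.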
