Reflected XSS at sbermarket.ru

mehulpanchal007
1 min read · Aug 6, 2020

MailRU Program at HackerOne

Hello hackers,

Program → MailRU Group

Domain → sbermarket.ru

Hacktivity → https://hackerone.com/reports/898344

Bounty → $0

This time, I selected Sbermarket.ru as a target.

Started Information Gathering

Found a search endpoint with a parameter named “keywords”

Ended up trying everything I could.

I read somewhere that 20-minute naps are the best friend of a hacker when stuck. So I did this.

And OMG!!! as soon as I tried this payload:

/%0a%0a/<img src=x onerror=alert(document.cookie)>

A JS alert popped up with the domain’s cookie as the object value.

Takeaway → Always try to include a newline character (%0a) in your payload.
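One plausible reason a newline prefix gets past input filtering, shown as an added example that is not from the original post or the affected site. The blocklist regex and the handler names are hypothetical, and the assumed root cause (a single-line regex filter) is not stated in the report; the hardened renderer encodes output instead of relying on the filter.

```javascript
// Added example: hypothetical search handler, NOT the affected site's code.
// Assumption: the blocklist regex stands in for whatever filter was bypassed.

// Weak filter: without the 's' or 'm' flags, '.' stops at '\n' and '^'/'$'
// anchor to the whole string, so nothing after a newline is inspected.
const TAG_BLOCKLIST = /^.*<[a-z\/!].*$/i;

function blocklistAllows(keywords) {
  return !TAG_BLOCKLIST.test(keywords);
}

// Vulnerable pattern: filter the input, then reflect it raw into HTML.
function renderWeak(keywords) {
  if (!blocklistAllows(keywords)) return "<p>Invalid search</p>";
  return `<p>Results for: ${keywords}</p>`;
}

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode every character that is significant in HTML text and attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: no blocklist, encode at the point of output.
function renderHardened(keywords) {
  return `<p>Results for: ${escapeHtml(keywords)}</p>`;
}

// Constructed input: the post's markup without the newline prefix.
const plainValue = "<img src=x onerror=alert(document.cookie)>";
// The value from the post, URL-decoded as a server would receive it.
const newlineValue = decodeURIComponent(
  "/%0a%0a/<img src=x onerror=alert(document.cookie)>"
);

console.log("plain allowed by blocklist:  ", blocklistAllows(plainValue));
console.log("newline allowed by blocklist:", blocklistAllows(newlineValue));
console.log("weak output:    ", JSON.stringify(renderWeak(newlineValue)));
console.log("hardened output:", JSON.stringify(renderHardened(newlineValue)));
```

For a `keywords` value reflected into an HTML body, encoding at output is what closes the hole; a Content-Security-Policy that disallows inline event handlers limits the impact if an encoding step is ever missed.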

Thank you!
