Stealing local storage data through XSS

blog.h4rsh4d.com · devanshbatham/Awesome-Bugbounty-Writeups · 9 hours ago · vulnerability
April 25, 2019

In this blog, I'm going to show how to steal local storage data, along with one of my own findings of the same kind on Bugcrowd. 😀

The screenshot below shows an application storing sensitive data in local storage.

[Screenshot: Local Storage]

It's easy to steal this locally stored data through the JavaScript localStorage.getItem() function. Let's alert this data through the console for demonstration.

Payload : alert(localStorage.getItem('access_token'))

[Screenshot: Simple Example through Console]

I have found the same challenge previously on a Bugcrowd private program. The authorisation token was responsible for handling the web application session, but they were storing that authorisation token in local storage, which is not a good way to protect session tokens. So I managed to find a Stored XSS on that program, and that XSS was getting executed on the Admin account. Bingo !! 😜 It took me 2 min to craft the payload and steal that authorisation token. ezpz 😎

I submitted that vulnerability as Stored XSS to Admin Account Takeover. 😅

Final Payload : JavaScript will pick up the local storage data and concatenate it to the end of the string when the onerror event handler executes. After that it will redirect to evil.com with the data, i.e. the locally stored data.

[Screenshot: Redirection towards attacker's server]

[Screenshot: Attacker's server received the locally stored data]

Note : it's recommended not to store sensitive information in local storage. 😂

Bounty awarded : $800 (Happy with it) 😄

Thanks for reading .. 💜💜💚

Comments

Smaran, 27 April 2019 at 05:30: Nice one brother.

Author: Harshad Gaikwad (Twitter : @h4rsh4d, Linkedin : https://in.linkedin.com/in/h4rsh4d)
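A defensive check for the post's closing recommendation, as an added example that is not from the original post: it audits a Storage-like object for entries that look like credentials, so they can be moved out of script-readable storage. The key-name pattern, the entropy threshold and the sample data are assumptions constructed for illustration.

```javascript
// Added example: flag credential-shaped entries in a Storage-like object.
const SENSITIVE_KEY = /(token|secret|passw|session|auth|jwt|api[-_]?key)/i; // assumed pattern
const JWT_SHAPE = /^[\w-]+\.[\w-]+\.[\w-]*$/;

// A JWT's first segment is base64url-encoded JSON carrying an "alg" member.
function looksLikeJwt(value) {
  if (!JWT_SHAPE.test(value)) return false;
  try {
    const b64 = value.split('.')[0].replace(/-/g, '+').replace(/_/g, '/');
    const header = JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, '=')));
    return typeof header === 'object' && header !== null && 'alg' in header;
  } catch {
    return false; // not base64url, or not JSON
  }
}

// Bits per character; long opaque strings with a high score resemble random tokens.
function shannonEntropy(s) {
  const chars = [...s], counts = new Map();
  for (const ch of chars) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) h -= (n / chars.length) * Math.log2(n / chars.length);
  return h;
}

// Returns [{ key, reasons }]; the stored values themselves are never copied out.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    const reasons = [];
    if (SENSITIVE_KEY.test(key)) reasons.push('sensitive-key-name');
    if (looksLikeJwt(value)) reasons.push('jwt');
    else if (value.length >= 32 && !/\s/.test(value) && shannonEntropy(value) >= 3.5) reasons.push('high-entropy');
    if (reasons.length) findings.push({ key, reasons });
  }
  return findings;
}

// Constructed sample data standing in for window.localStorage.
const sampleData = {
  access_token: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.c2lnbmF0dXJl',
  theme: 'dark', recent_search: 'shoes under 50', cache_id: '9f8a7c6b5d4e3f2a1b0c9d8e7f6a5b4c3d2e1f0a',
};
const sampleKeys = Object.keys(sampleData);
const sampleStorage = { length: sampleKeys.length, key: (i) => sampleKeys[i], getItem: (k) => sampleData[k] ?? null };
console.log(auditStorage(sampleStorage));
```

In a browser, call auditStorage(window.localStorage) and auditStorage(window.sessionStorage). A session token it flags is better carried in an HttpOnly cookie, which page script cannot read.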