
Sensitive Data Exposure & Performing Actions on Behalf of the Victim

As in the previous case, we are able to launch the OkCupid mobile application through a deep link that contains malicious JavaScript code in the section parameter. The following screenshot shows the final XSS payload, which loads jQuery and then loads further JavaScript code from the attacker's server (note that the upper part shows the XSS payload as-is, while the lower part is the same payload URL-encoded):

The following screenshot shows an HTTP GET request containing the final XSS payload in the section parameter:

The server reflects the payload sent earlier in the section parameter, and the injected JavaScript code is executed in the context of the WebView.
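As an added example (not code from the original write-up or from OkCupid), the check below shows how a deep-link handler can refuse to pass an attacker-controlled section value into a WebView: it extracts the section parameter, collapses repeated URL encoding (the write-up shows the payload both raw and URL-encoded), and accepts only an allowlisted section name. The scheme name and the allowed section names are assumptions.

```python
# Added example: allowlist validation for a deep link's `section` parameter.
# The scheme and section names below are hypothetical placeholders.
import re
from urllib.parse import parse_qs, unquote, urlsplit

ALLOWED_SCHEMES = frozenset({"app", "https"})          # assumption
ALLOWED_SECTIONS = frozenset({"profile", "messages", "settings"})  # assumption
SECTION_RE = re.compile(r"^[a-z_]{1,32}$")              # structural sanity check


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo nested URL encoding so an encoded payload cannot slip past the allowlist."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return decoded
        value = decoded
    return value


def validate_deep_link(url: str):
    """Return (True, section) if the link is safe to route, else (False, None).

    Rejects unknown schemes, missing or repeated `section` parameters, and any
    section value that is not exactly one of the allowlisted names. Reflecting
    anything else into a WebView is what enabled the XSS described above.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, None
    params = parse_qs(parts.query, keep_blank_values=True)
    values = params.get("section")
    if not values or len(values) != 1:        # absent or duplicated parameter
        return False, None
    section = fully_decode(values[0])
    if not SECTION_RE.fullmatch(section) or section not in ALLOWED_SECTIONS:
        return False, None
    return True, section


if __name__ == "__main__":
    # Constructed sample links (not from the write-up).
    for link in ("app://open?section=profile",
                 "app://open?section=%253Cb%253E",
                 "app://open?section=profile&section=messages"):
        print(link, "->", validate_deep_link(link))
```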