{"id":116,"date":"2023-06-24T12:23:00","date_gmt":"2023-06-24T05:23:00","guid":{"rendered":"https:\/\/n45ht.or.id\/blog\/?p=116"},"modified":"2024-12-14T12:30:16","modified_gmt":"2024-12-14T05:30:16","slug":"stored-xss-on-chess24com","status":"publish","type":"post","link":"https:\/\/n45ht.or.id\/blog\/stored-xss-on-chess24com\/","title":{"rendered":"Stored XSS on Chess24.com"},"content":{"rendered":"\n

I recently registered on Chess24.com<\/strong> and, after playing a few games, decided to conduct a quick security analysis on the website. I focused on the profile settings page to test for potential vulnerabilities.<\/p>\n\n\n\n

XSS Payload Injection<\/h4>\n\n\n\n

Without wasting much time, I tested a common XSS payload<\/strong> by adding it directly to my profile settings page.<\/p>\n\n\n\n

Injected Payload:<\/strong><\/p>\n\n\n\n

https:\/\/site.com\/?\"\/onmouseover=\"alert(1)<\/code><\/pre>\n\n\n\n
This was my first attempt at injecting the payload into the URL.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
After saving the XSS payload in my profile settings, I checked the source code of the page. The injected payload was reflected in the HTML source as follows:<\/p>\n\n\n\n
Source Code (After Saving):<\/strong><\/p>\n\n\n\n
<\/circle><\/circle><\/circle><\/g><\/svg><\/span><\/path><\/path><\/svg><\/span>
<a<\/span> <\/span>href<\/span>=<\/span>"<\/span>https:\/\/site.com\/?<\/span>"<\/span>\/onmouseover="alert(1)"<\/span>><\/span>https:\/\/site.com\/?"\/onmouseover="alert(1)<\/span><\/a><\/span><\/span><\/code><\/pre><\/div>\n\n\n\n
This indicated that the website was not properly sanitizing or escaping user inputs, making it vulnerable to stored XSS<\/strong>.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Stored XSS Triggered<\/h4>\n\n\n\n
As expected, after visiting the page where the payload was stored, I was able to trigger the stored XSS<\/strong>. The payload was executed successfully, showing an alert box.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
#HappyHacking<\/strong><\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
I recently registered on Chess24.com and, after playing a few games, decided to conduct a quick security analysis on the website. I focused on the profile settings page to test for potential vulnerabilities. XSS Payload Injection Without wasting much time, I tested a common XSS payload by adding it directly to my profile settings page. […]<\/p>\n","protected":false},"author":3,"featured_media":120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[23,9,8],"class_list":["post-116","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-research","tag-bug-bounty","tag-cross-site-scripting","tag-xss"],"_links":{"self":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/comments?post=116"}],"version-history":[{"count":1,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/116\/revisions"}],"predecessor-version":[{"id":121,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/posts\/116\/revisions\/121"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/media\/120"}],"wp:attachment":[{"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/media?parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/categories?post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/n45ht.or.id\/blog\/wp-json\/wp\/v2\/tags?post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}