Bypass Stored XSS on User Edit [ MatahariMall.com ]

Description

I found a stored XSS in the name field of the user edit page. MatahariMall.com has a WAF protecting it, but I found a payload that bypasses it.

Detail : 

Location Of Bug : 

https://www.mataharimall.com/user/edit

Payload : 

"'--!><Script /K/>confirm(1)</Script /K/>#

Step To Reproduce :

  1. Log in to your MatahariMall account
  2. Go to User Edit
  3. Set your name to the payload
  4. Save it

The XSS fires on save, and it fires again on every other page you visit afterwards, because the stored account name is rendered on those pages as well.

Browser :

  1. Chrome and Firefox

Note :

The MatahariMall.com team fixed the bug one day after I sent the report. Wow!


Video :

Bypassing XSS

So, after they patched my previous report, I went on to bypass the fix, and I bypassed it with a new payload.

Payload : --!"><svg/onload=confirm("1")>

And the XSS popped up.

There are many ways to bypass the firewall.

Thanks,