This article discusses the discovery of a reflected XSS (RXSS) vulnerability on Samsung’s semiconductor subdomain, reachable through its chatbot feature. Although the finding was categorized as ‘Out Of Scope’ and requires user interaction to exploit, the writer shares the investigation process and the eventual creation of a malicious bookmark payload that carries out the attack, and emphasizes what was learned along the way. Affected: Samsung semiconductor subdomain, users of older web browsers
Key points:
- The author discovered an RXSS vulnerability while investigating Samsung’s chatbot on the semiconductor subdomain.
- Initial tests with various XSS payloads fired in the chatbot, but only as self-XSS, which prompted further work to escalate it to reflected XSS.
- By analyzing the site’s JavaScript files, the author found a function that reflects user input directly into the page.
- A malicious bookmark was created carrying a payload that injects an image tag which sends the victim’s cookies to an attacker-controlled server.
- The attack relies on the victim bookmarking the malicious link; the payload then runs in the browser’s JavaScript context when the bookmark is used on the site.
- Although the severity is low and newer browsers restrict the behaviour the payload depends on, older browser versions could still be affected.
- The discovery was reported to the relevant team, who acknowledged the issue.
- The author encourages using AI tooling and thinking creatively when hunting for bugs in security testing.
Full Story: https://infosecwriteups.com/reflected-xss-using-bookmark-937cf27c5725?source=rss----7b722bfd1b8d---4