XSS - Telekom, Allegro, MediaMarkt, Ikea
It seemed to me that this type of error no longer appears on popular websites or portals... and yet I recently managed to find some more or less serious Cross-site scripting (XSS) errors. As some time has passed and they have all been patched, I decided to share the details.
1. Telekomhilft, in user data, specifically a field called 'dtag.user.profile.contact.label', after entering the following payload:
<img src=1 href=1 onerror="javascript:alert('XSS')"></img>
I got a bug bounty of €250.
2. Allegro, or rather the discussion forum at spolecznosc.allegro.pl, also had a trivial error leading to the execution of arbitrary code. Unfortunately, according to the rules available on the HackerOne portal, this subpage is not included in the bug bounty program.
3. MediaMarkt Fotolab made it possible to execute arbitrary code by preparing a graphic file with modified EXIF headers and then transferring this file to the server.
4. Ikea: when configuring user data and then intercepting and modifying the HTTP PUT request using the Burp Suite tool, it was possible to inject XSS code into the 'firstNamePhonetic' field.
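
The defensive counterpart to items 1 and 4, as an added example that is not part of the original post and not code from any of the sites named: profile fields are validated on the server when the PUT body arrives, and encoded again when rendered. The function names, the `firstName` field and the allowlist pattern are assumptions; only `firstNamePhonetic` and the payload come from the post.

```javascript
'use strict';
// Added example: hypothetical server-side handling of a profile update.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allowlist (assumed policy): starts with a letter, then letters, combining
// marks, space, dot, apostrophe or hyphen; 1 to 64 characters in total.
const NAME_RE = /^[\p{L}\p{M}][\p{L}\p{M} .'-]{0,63}$/u;
const NAME_FIELDS = ['firstName', 'firstNamePhonetic'];

// Validate the parsed PUT body on the server. An intercepting proxy can send
// any body it likes, so checks done in the browser do not count here.
function validateProfileUpdate(body) {
  const errors = [];
  const clean = {};
  for (const field of NAME_FIELDS) {
    const raw = body[field];
    if (raw === undefined) continue;              // field not being updated
    if (typeof raw !== 'string') { errors.push(`${field}: must be a string`); continue; }
    const value = raw.normalize('NFC').trim();
    if (!NAME_RE.test(value)) { errors.push(`${field}: invalid characters or length`); continue; }
    clean[field] = value;
  }
  return { ok: errors.length === 0, errors, clean };
}

// Second layer: encode on output, so a value stored before the validator
// existed is still rendered as inert text.
function renderGreeting(profile) {
  return `<span class="name" title="${escapeHtml(profile.firstNamePhonetic)}">` +
         `${escapeHtml(profile.firstName)}</span>`;
}

// Constructed input: the payload quoted in the post, sent in a modified PUT body.
const PAYLOAD = `<img src=1 href=1 onerror="javascript:alert('XSS')"></img>`;
const tampered = { firstName: 'Anna', firstNamePhonetic: PAYLOAD };

console.log(validateProfileUpdate(tampered).errors);
console.log(renderGreeting(tampered));
```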