How i Found Store XSS on BitPay

How i Found Store XSS on BitPay

Hello Guys, This is Hamid Ashraf Today I am sharing with u how I found store xss on bitpay.

POC

login id  bitpay.com
Go Hosted Catalog Item
page down Go Collect Buyer’s Information click on Add Custom Field
add the xss payload
here`s the xss payload

now click on save changes
now click on test link
open new tab when link is open click on bitcoin checkout now button
xss alert

POC Video

hope you enjoyed! If you have any kind of question please don’t hesitate to ask me, either way here or via email at hamihax@gmail.com

  • how to deface website completely with xxs vulnerability?

    • use this in your target website as

      http://www.targetwebsite.com/

      2 – Script for chaning the background image of a website:

      3 – Defacement Page with Pastehtml:

      First of all upload some defacement page(html) to pastehtml.com and get the link.

      When you find a XSS vulnerable site, then insert the script as :

      This script will redirect the page to your pastehtml defacement page.

      Note: You can deface only persistent XSS vulnerable sites.

Skip to toolbar