How i Found Store XSS on BitPay

How i Found Store XSS on BitPay

Hello Guys, This is Hamid Ashraf Today I am sharing with u how I found store xss on bitpay.

POC

login id  bitpay.com
Go Hosted Catalog Item
page down Go Collect Buyer’s Information click on Add Custom Field
add the xss payload
here`s the xss payload

<script>alert('XSS');</script>

now click on save changes
now click on test link
open new tab when link is open click on bitcoin checkout now button
xss alert

POC Video

hope you enjoyed! If you have any kind of question please don’t hesitate to ask me, either way here or via email at hamihax@gmail.com

2 Comments

Add a Comment

Your email address will not be published. Required fields are marked *