How i Found Store XSS on BitPay

How i Found Store XSS on BitPay

Hello Guys, This is Hamid Ashraf Today I am sharing with u how I found store xss on bitpay.

POC

login id  bitpay.com
Go Hosted Catalog Item
page down Go Collect Buyer’s Information click on Add Custom Field
add the xss payload
here`s the xss payload

<script>alert('XSS');</script>
now click on save changes now click on test link open new tab when link is open click on bitcoin checkout now button xss alert POC Video hope you enjoyed! If you have any kind of question please don’t hesitate to ask me, either way here or via email at hamihax@gmail.com


Comments

2 responses to “How i Found Store XSS on BitPay”

  1. how to deface website completely with xxs vulnerability?

    1. use this in your target website as

      http://www.targetwebsite.com/

      2 – Script for chaning the background image of a website:

      3 – Defacement Page with Pastehtml:

      First of all upload some defacement page(html) to pastehtml.com and get the link.

      When you find a XSS vulnerable site, then insert the script as :

      This script will redirect the page to your pastehtml defacement page.

      Note: You can deface only persistent XSS vulnerable sites.

Leave a Reply

Your email address will not be published. Required fields are marked *