How i Found Store XSS on BitPay

| September 17, 2015 | Security | 2 Comments

How i Found Store XSS on BitPay

Hello Guys, This is Hamid Ashraf Today I am sharing with u how I found store xss on bitpay.

POC

login id  bitpay.com
Go Hosted Catalog Item
page down Go Collect Buyer’s Information click on Add Custom Field
add the xss payload
here`s the xss payload

<script>alert('XSS');</script>

now click on save changes
now click on test link
open new tab when link is open click on bitcoin checkout now button
xss alert

POC Video

hope you enjoyed! If you have any kind of question please don’t hesitate to ask me, either way here or via email at hamihax@gmail.com

Related Posts

About The Author

Hamihax

Hamid Ashraf is an Independent Security Researcher, Internet marketer, Entrepreneur and a SEO consultant,

2 Comments
  1. william Reply

    how to deface website completely with xxs vulnerability?

    • Hami Reply

      use this in your target website as

      http://www.targetwebsite.com/

      2 – Script for chaning the background image of a website:

      3 – Defacement Page with Pastehtml:

      First of all upload some defacement page(html) to pastehtml.com and get the link.

      When you find a XSS vulnerable site, then insert the script as :

      This script will redirect the page to your pastehtml defacement page.

      Note: You can deface only persistent XSS vulnerable sites.

Add a Comment

Your email address will not be published. Required fields are marked *