Found A Security Flaw - Xss

[Faizann20]

Hi, I am a bit of a security researcher (not a professional though). I was just testing the site when I came across this flaw. I want to report it to the team. They won't read the email seriously, any other method?

 

 

 

 

[N4TE_B]

We appreciate you letting us know about potential security issues.

 

From what I can draw from your report, the xss alert is showing up via a script you are running to monitor your browser for this kind of potential security vulnerability. Is the "xss_by_Faizan" your own script, hence the name association with your forum handle?

 

I'll definitely let the appropriate team know, and again we appreciate you flagging this.

 

As you've redacted the URL, I assume you are on the BitTorrent Client Help Center, and from the fragment I can see, it looks like you are looking at a specific article. Would you mind dropping in the URL, and letting us know whether it's just this page or the whole Help Center site?

 

Awesome, thanks!

[Faizann20]

Thanks for the reply.

Actually, what I did was that I rated the page then I copied the source code of the image, pasted it in a text file, converted it into html and then opened that file from the computer. And there was this pop-up, not what I can do with this flaw is that I can upload that html file somewhere, craft a url with that file and makes someone open it, whenever someone will open it, the pop-up will be there. Its not exactly the flaw on the site, its a bit indirect but it's still affecting it. As it can leads to user cookies, session ids etc I didn't use any script, just a simple code.

 

Thanks

Faizan Ahmad

 

It can effect almost every article. Again stating that it's a bit indirect exploitation. The image is attached.