Saturday, August 22, 2015

XSS in Edmodo.com (Bug Bounty)

So this bug is about an XSS vulnerability I found in Edmodo. The bug is now fixed. They responded within 3 days (pretty fast) and also fixed the vulnerability on the last day.


Steps to reproduce:

1. To reproduce the issue, you must, of course, have an Edmodo account.

2. Go to the upper left panel and you will see 3 symbols; click the left one, which is the "Backpack".

3. After that, go to "Folders" on the left pane.

4. Click new folder and enter the payload. Now here is the trick:
   Ordinary payloads like: "><img src=x onerror=alert(1)>
   will be filtered. To bypass, I used this instead:
   &#x3C;img src=x onerror=alert(5)&#x3e;

5. Now click "Create".

6. XSS Pop-up.
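
The bypass in step 4 is what happens when a filter looks only for literal angle brackets while the stored value is entity-decoded before it reaches the page. The sketch below is an added example, not Edmodo's code or part of the original post; the function names and the decode-then-concatenate render flow are assumptions, and it contrasts that flow with encoding at the output sink.

```javascript
// Added illustration: function names and the render flow are assumptions,
// not Edmodo's actual code. Sample inputs are the two strings from the post.

// Assumed input filter: rejects folder names containing a literal < or >.
function naiveFilter(name) {
  return !/[<>]/.test(name);
}

// Decode numeric character references (&#x3C; or &#60;) as an HTML parser would.
function decodeNumericEntities(s) {
  return s.replace(/&#(?:x([0-9a-f]+)|(\d+));?/gi, (match, hex, dec) => {
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "\uFFFD";
  });
}

// Output encoder for HTML text context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern (assumed): the stored name is decoded, then concatenated
// into markup, so the filter's decision no longer applies to what is rendered.
function renderVulnerable(name) {
  return '<li class="folder">' + decodeNumericEntities(name) + "</li>";
}

// Hardened pattern: the stored name is treated as text and encoded at the sink.
function renderSafe(name) {
  return '<li class="folder">' + escapeHtml(name) + "</li>";
}

// True when the rendered fragment would create an element inside the <li>.
function injectsElement(html) {
  const inner = html.slice('<li class="folder">'.length, -"</li>".length);
  return /<[a-z!\/]/i.test(inner);
}

const ordinary = '"><img src=x onerror=alert(1)>';
const encoded = "&#x3C;img src=x onerror=alert(5)&#x3e;";

for (const name of [ordinary, encoded]) {
  console.log(JSON.stringify(name),
    "| filter accepts:", naiveFilter(name),
    "| vulnerable render injects element:", injectsElement(renderVulnerable(name)),
    "| safe render injects element:", injectsElement(renderSafe(name)));
}
```

With output encoding in place the input filter is no longer the control that matters: both strings render as inert text regardless of what the filter decided.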


POC:





As a reward, they will give me goodies :) like Edmodo mugs, T-shirts, etc.




 Timeline:

August 17 ---- Reported and Triaged

August 18 ---- Vulnerability confirmed. Asked for my mailing address for reward delivery

August 19 ---- Vulnerability was fixed. 

 
That's all. Thanks :)




