Vulnerability Disclosure Form

Uploaded by

sewahi9783

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

22 views

Vulnerability Disclosure Form

Uploaded by

sewahi9783

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 1

NCIIPC Responsible Vulnerability Disclosure

1. Reporter’s Details
a) Full Name Ankush Kumar Rajput
b) Email [email protected]
c)Organisation/Company
2. Vulnerability Details (Check mark)
a) Vulnerability Name Reflected Cross-Site Scripting
■ XSS SQLI Stack Overflow
LFI Click Jacking User After Free
b)Vulnerability category XSRF Information Leakage Heap Overflow
Insecure Direct Object Reference Broken Authentication
Memory Corruption Security Misconfiguration
c) Description
(Use Separate Sheet for additional information)
Cross-site scripting (XSS) is a type of web application security vulnerability where an
_______________________
attacker can inject malicious code (usually JavaScript) into a website that is viewed by
3. Type of Vulnerability (Check ■ Web Application Operating System(OS)
other users. The vulnerability arises when a website does not properly validate user
mark) SCADA Any Other
input or encode output, allowing an attacker to inject their own code into the website.
If other please describe in brief Cross site scripting attack can have devastating
When a victim visits the website, the malicious script executes in their browser, often
4. Date when issue found consequences.Code
16/05/2023
(dd/mm/yyyy) injected into a vulnerable application
without the victim's knowledge or consent. This can allow the attacker to steal sensitive
can exfiltrate data or install malware on the user's
__________________________________________________________
1. Nav to https://taxation.punjab.gov.in/

information, such as login credentials or session cookies, from the victim's browser.
2.Go to search bar
3. Enter XSS Payload:(use one by one)

machine .Attackers can masquerade as authorized users

"><script>alert(window.location)</script>

5. Steps to reproduce __________________________________________________________

The attacker can then use this__________________________
information to impersonate the victim or perform other
"><script>alert("Your are Hacked")</script>

via session cookies ,allowing them to perform any action

4.Reflected the popup

6. Whether POC screenshots/files/documents malicious

attached?actions.■ Yes No
allowed by user account.
There are several types of XSS
7. Reported to Affected Organisation? attacks, including reflected,
Yes stored, and DOM-based
No
XSS.
8. Reflected
Affected XSS name
Organisation’s occurs when the injected
Taxation code is reflected back toofthe
CommissionerateDepartment user in
Excise & the
TaxationG
server's
9. Affectedresponse. Stored
Organisation’s https://taxation.punjab.gov.in/products/search/?search=&data%
URL XSS occurs when the injected code is permanently stored on
10.the
Affected
serverOrganisation’s
and executedemail [email protected]
whenever a user visits the affected page. DOM-based XSS
Web Application Client Software
occurs when the attacker is able to modify the DOM (Document Object Model)
11. Vulnerable Product type Server Software Firmware
directly, bypassing server-side validation.
Operating System Hardware
XSS attacks are a serious security threat, and website owners should take steps to
12. Vulnerable Product name & Version Web Application
prevent
13. them.
If reported, This
Email ID includes validating
to whom details sent user input, encoding output, and implementing
[email protected]
strict
14. content
If reported, security
date policies. Users can
when reported also protect themselves by using a browser
16/05/2023
15. Patch extension
released? that blocks known XSS attacks Yes or by disabling JavaScript
No on
16. If patch released, date of patch releaseuntrustedwebsites.
(dd/mm/yyyy)
17. Anonymity (Yes/No)
NO

Cross Site Scripting Presentation Slides
No ratings yet
Cross Site Scripting Presentation Slides
23 pages
Xss Documentation
No ratings yet
Xss Documentation
6 pages
XSS
No ratings yet
XSS
13 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
7 pages
Cyber Project Report
No ratings yet
Cyber Project Report
7 pages
Lecture 15 WebSecurity
No ratings yet
Lecture 15 WebSecurity
10 pages
XSS Attack and how to mitigate it
No ratings yet
XSS Attack and how to mitigate it
8 pages
Paper_81-Cross_Site_Scripting_Research_A_Review
No ratings yet
Paper_81-Cross_Site_Scripting_Research_A_Review
7 pages
SecuringWebApplicationsAgainstCross-SiteScriptingXSSVulnerabilities
No ratings yet
SecuringWebApplicationsAgainstCross-SiteScriptingXSSVulnerabilities
8 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
6 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
32 pages
Cross-Site Scripting (XSS)
No ratings yet
Cross-Site Scripting (XSS)
6 pages
Idealancy Xss Bug Report
No ratings yet
Idealancy Xss Bug Report
5 pages
XSS (Cross-Site Scripting)
No ratings yet
XSS (Cross-Site Scripting)
18 pages
Cross Site Scripting: Name/Mohammed Aburas ID/382015800
No ratings yet
Cross Site Scripting: Name/Mohammed Aburas ID/382015800
17 pages
What Is Cross-Site Scripting (XSS) ?
No ratings yet
What Is Cross-Site Scripting (XSS) ?
4 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
3 pages
Cross Site Scripting XSS
No ratings yet
Cross Site Scripting XSS
31 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
20 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
20 pages
10 Practical scenarios for XSS attacks
No ratings yet
10 Practical scenarios for XSS attacks
21 pages
3.2 Web Application Attacks
No ratings yet
3.2 Web Application Attacks
23 pages
Truth of Cross Site Scripting (XSS)
No ratings yet
Truth of Cross Site Scripting (XSS)
14 pages
pib-home bug report
No ratings yet
pib-home bug report
9 pages
task 2 report xss
No ratings yet
task 2 report xss
16 pages
Cross Site Scripting Ethical Hacking Lab Exercise
No ratings yet
Cross Site Scripting Ethical Hacking Lab Exercise
10 pages
A Study On Removal Techniques of Cross-Site From Web Application
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
7 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
17 pages
Cross Site Scripting Cheat Sheet
No ratings yet
Cross Site Scripting Cheat Sheet
3 pages
Xampp & XSS Attacks
No ratings yet
Xampp & XSS Attacks
10 pages
XSS
No ratings yet
XSS
3 pages
Reflected Cross Site Scripting (XSS) Attacks
No ratings yet
Reflected Cross Site Scripting (XSS) Attacks
4 pages
Was 4
No ratings yet
Was 4
117 pages
Xss - Cross-Site Scripting
No ratings yet
Xss - Cross-Site Scripting
43 pages
week 9 XSS (2)
No ratings yet
week 9 XSS (2)
49 pages
NA
No ratings yet
NA
2 pages
[CyberSec'24] Lab05 - Student Version
No ratings yet
[CyberSec'24] Lab05 - Student Version
29 pages
Cyber Security - Lecture 3
No ratings yet
Cyber Security - Lecture 3
15 pages
serie11
No ratings yet
serie11
3 pages
Broken Web Security
No ratings yet
Broken Web Security
87 pages
houzz xss bug report
No ratings yet
houzz xss bug report
6 pages
What Is Cross-Site Scripting (XSS) and How To Prevent It - Web
No ratings yet
What Is Cross-Site Scripting (XSS) and How To Prevent It - Web
6 pages
Cross-Site Scripting Attacks Procedure and Prevention Strategies
No ratings yet
Cross-Site Scripting Attacks Procedure and Prevention Strategies
3 pages
Cross_site_Scripting_and_HTML_Injection__1739193556
No ratings yet
Cross_site_Scripting_and_HTML_Injection__1739193556
17 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
11 pages
07. Cross-Site Scripting (XSS)
No ratings yet
07. Cross-Site Scripting (XSS)
34 pages
Lecture 8(1)
No ratings yet
Lecture 8(1)
15 pages
XSS Vulnerabilities
No ratings yet
XSS Vulnerabilities
6 pages
XSS Vulnerability Assessment and Prevention in Web Application
No ratings yet
XSS Vulnerability Assessment and Prevention in Web Application
4 pages
XSS
No ratings yet
XSS
1 page
Cross Site Scripting (XSS) : by Amit Tyagi
0% (1)
Cross Site Scripting (XSS) : by Amit Tyagi
31 pages
Final Report Sample
No ratings yet
Final Report Sample
6 pages
Cross Site Scripting 004
No ratings yet
Cross Site Scripting 004
15 pages
Week 9 XSS
No ratings yet
Week 9 XSS
60 pages
Unit 3 Part2
No ratings yet
Unit 3 Part2
57 pages
Week 20220 Report
No ratings yet
Week 20220 Report
28 pages
Cross-Site Scripting Attack: Manaloto, Joel Jr. S. BSIT 3-2 Case Study 1
No ratings yet
Cross-Site Scripting Attack: Manaloto, Joel Jr. S. BSIT 3-2 Case Study 1
3 pages
Prevention_Of_Cross-Site_Scripting_Attacks_XSS_On_
No ratings yet
Prevention_Of_Cross-Site_Scripting_Attacks_XSS_On_
5 pages
JavaScript Programming: 3 In 1 Security Design, Expressions And Web Development
From Everand
JavaScript Programming: 3 In 1 Security Design, Expressions And Web Development
Richie Miller
No ratings yet
Introduction to Web Hacking: Cross-site Scripting
From Everand
Introduction to Web Hacking: Cross-site Scripting
Gary Drocella
No ratings yet
Chorus Notebook 6 - Master
No ratings yet
Chorus Notebook 6 - Master
46 pages
Comprehensive Viva of Java
No ratings yet
Comprehensive Viva of Java
28 pages
Dll-Ps-Modules - Psap 3
No ratings yet
Dll-Ps-Modules - Psap 3
4 pages
Lab Guide - VDP10c-02 - Accessing SLAs
No ratings yet
Lab Guide - VDP10c-02 - Accessing SLAs
12 pages
Cognitive Functions of Language According To G. W. Leibniz: Halina Święczkowska
No ratings yet
Cognitive Functions of Language According To G. W. Leibniz: Halina Święczkowska
18 pages
[Ebooks PDF] download (Ebook) Freudian Dictionary: A Comprehensive Guide To Freudian Concepts by Jose Luis Valls ISBN 9780367151034, 0367151030 full chapters
100% (7)
[Ebooks PDF] download (Ebook) Freudian Dictionary: A Comprehensive Guide To Freudian Concepts by Jose Luis Valls ISBN 9780367151034, 0367151030 full chapters
67 pages
Chapter 01 - Introduction To .NET Platform - Visual
No ratings yet
Chapter 01 - Introduction To .NET Platform - Visual
42 pages
Tad Vishno Paramam Padam'
No ratings yet
Tad Vishno Paramam Padam'
10 pages
Operating System LAB: Project - 2
No ratings yet
Operating System LAB: Project - 2
16 pages
GT T File Formats
No ratings yet
GT T File Formats
4 pages
Missionary: Abraham: The First
No ratings yet
Missionary: Abraham: The First
8 pages
Letter To Pete
No ratings yet
Letter To Pete
2 pages
Using SST With Gen4 Systems
No ratings yet
Using SST With Gen4 Systems
8 pages
3D Marine Geometry: Overview of Processing Methodology
No ratings yet
3D Marine Geometry: Overview of Processing Methodology
24 pages
Protean Face Renaissance
No ratings yet
Protean Face Renaissance
18 pages
African Prototypes
No ratings yet
African Prototypes
9 pages
Oxe Um Ale 500 400 300 r300 8al90399enae 2 en
No ratings yet
Oxe Um Ale 500 400 300 r300 8al90399enae 2 en
150 pages
Implementing Failover of Logical Replication Slots in Patroni
No ratings yet
Implementing Failover of Logical Replication Slots in Patroni
37 pages
Music 10 4th Q Musical PLay
No ratings yet
Music 10 4th Q Musical PLay
3 pages
Thong Tin Khách
No ratings yet
Thong Tin Khách
7 pages
Holy Unto the Lord by Luke Lefevre
No ratings yet
Holy Unto the Lord by Luke Lefevre
61 pages
White Trash Cooking Exploding the Cookbook - FLOYD 2023
No ratings yet
White Trash Cooking Exploding the Cookbook - FLOYD 2023
19 pages
Lab Manual
No ratings yet
Lab Manual
6 pages
Books DELTA
50% (2)
Books DELTA
4 pages
M - Talking About Jobs
No ratings yet
M - Talking About Jobs
2 pages
The Feminist Avant Garde In American Poetry First Edition Elisabeth A. Frost - The ebook version is available in PDF and DOCX for easy access
100% (1)
The Feminist Avant Garde In American Poetry First Edition Elisabeth A. Frost - The ebook version is available in PDF and DOCX for easy access
47 pages
Eng 2 FNU - Activity 2
No ratings yet
Eng 2 FNU - Activity 2
2 pages
EAPP 3rd WEEK
No ratings yet
EAPP 3rd WEEK
21 pages
34 Weeksoneyearofvocabularyhomeworknoooootests 4 Thgrade
No ratings yet
34 Weeksoneyearofvocabularyhomeworknoooootests 4 Thgrade
48 pages
Life of Christ Reflection
No ratings yet
Life of Christ Reflection
4 pages