Thursday, 18 June 2015

How I Convert Self XSS Into Stored XSS On FB's Oculus

Hello guys, after a long time I tested Facebook's acquisition Oculus. First I tried to find common bugs like cross-site request forgery, cross-site scripting, clickjacking and open redirect, but the Oculus main domain is really secure, so after some time I started testing Oculus subdomains, and in one of the subdomains I got a self cross-site scripting bug and I converted it into stored cross-site scripting. Sounds cool, na?

Vulnerable domain: answers.oculus.com



SO HERE IS PROOF OF CONCEPT
   

 


Hope you like my finding. If you have any questions, please drop a comment and I will try my best to answer them.
 

7 comments:

  1. Great Ashish, good going.

  2. Nice finding, brother. Kindly post any tutorial about bypassing XSS filters.

  3. Bro, did you receive any bounty??

  4. I don't think a bounty or HOF is given for this. Nowadays Facebook doesn't care about acquisitions. I found stored XSS on one of the acquisitions without minimal user interaction, and Facebook replied that our BB programme is now only around facebook.com. My question to them is then why the hell they wrote that our scopes are to acquisitions also.

    Replies
    1. LOL, pity you... I got 500$ for XSS on a subdomain.

  5. I found some vulns in this site and they said the site of answers.oculus.com is out of scope :(

  6. Kid, this is not stored XSS; you have to learn more about what stored XSS actually is.
    Just answer me one question: can you steal my cookie through this attack? I can't visit this page. The load draft option is only for you, kid.
