XSS in docs.gitlab.com/search
Leaving the HackerOne report below but the reporter didn't speak much English. Please see the first comment on the issue for more details.
HackerOne report
**HackerOne report #853231** by `lx98` on 2020-04-19, assigned to @dcouture:
Steps to find the gitlab bug:
- Enter https://hackerone.com by searching for the bounty site https://gitlab.com
- after that enter the site www.gitlab.com
- continue by searching for the https://docs.gitlab.com
- after that enter the search and enter the first xss payload
- enter and see the results of the xss vuln
- continue by making clickjacking bugs manipulating web site pages
- enter the clickjacking payload in Firefox browser by pressing Ctrl + O then search for the storage of the gitlab clickjacking
- after that go in and xss and clickjacking went smoothly thanks.
payload xss 1: -->">'>
payload xss 2: Hacked
payload clickjacking gitlab :
PocMessage : ClickJacking vuln at Byirwan
iframe { width: 1180px; height: 590px; position: absolute; top: 100; right: 100; filter: alpha(opacity=1); opacity: 1; }
-
document domain: docs.gitlab.com
-
document cookie: _ga=GA1.2.1746962001.1587176147; _gid=GA1.2.1416769275.1587176147; _gat_UA-37019925-1=1; CookieConsent=-1; _fbp=fb.1.1587176147180.1388945469; _mkto_trk=id:194-VVC-221&token:_mch-gitlab.com-1587176147226-48161; _biz_uid=49cc2c312e634511bd45845d9166e422; _biz_sid=6168bc; _biz_nA=2; _biz_pendingA=%5B%5D; _hjid=3fd84da6-9268-46a7-a663-bce6dc64c756; _biz_flagsA=%7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
Impact
Impact: a hacker can steal user cookies through the XSS bug. With the clickjacking bug, the hacker can easily manipulate the page toward that GitLab XSS bug in order to steal other users' cookies.