Reflected XSS vulnerability in nokia subdomain website

Published on January 03, 2023 by Khafagy

Bug Hunter XSS

0 min READ

image

Hello, Hackers
Welcome to my write-up of Nokia Hacked with RXSS Vulnerability
This time Nokia is my target
And I discovered this URL: https://xxx-xxxx.nokia.com/xxxx/xxxx/LoginTemplate.jsp?Message=Session Timed out Please Login Again
As you can see the Message parameter says ‘Session Timed out. Please Login Again’

image

LOOK THIS: ###

Simply I entered script tag into the message parameter like this <img src=xxx:x onerror=javascript:alert("Hacked_By_KHAFAGY")>Khafagy_Was_Here

image

After Exploit:

image



image