A cookie-based XSS on the Terrahost main domain leads to account takeover. The researcher was testing the main domain, terrahost.no. It offered a flow in which he could choose a service, register an account and place an order. After looking into the requests in Burp, he found
Using that parameter he found a self-XSS, and later he managed to escalate the issue to account takeover.
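The bug class the writeup is about is a server reflecting a cookie value into the page without encoding it. The following is an added example, not code from the writeup or from Terrahost: a minimal renderer that reflects a cookie unescaped beside a hardened version that HTML-encodes it at the output point, plus a check a tester can run against both. The cookie name (`lang`), the page template and the sample `Cookie` header are all constructed for illustration; the original page does not name the parameter.

```python
# Added example (not code from the Terrahost writeup): the general shape of a
# cookie-based reflected XSS, with a vulnerable and a hardened renderer side
# by side. The "lang" cookie, the page template and the sample Cookie header
# are constructed for illustration.
from html import escape


def parse_cookie_header(header: str) -> dict:
    """Parse a raw Cookie request header into a name -> value dict.

    Deliberately tolerant: browsers and proxies pass through values containing
    characters such as '<', '>' and '(', so the parser must not silently drop
    them, or the reflection bug would be hidden from the check below.
    """
    cookies = {}
    for part in header.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        cookies[name.strip()] = value.strip()
    return cookies


def render_vulnerable(cookie_header: str) -> str:
    """Reflects the cookie value into HTML body context without encoding."""
    lang = parse_cookie_header(cookie_header).get("lang", "en")
    return f"<html><body><p>Language: {lang}</p></body></html>"


def render_hardened(cookie_header: str) -> str:
    """Same page, with HTML entity encoding applied at the point of output.

    escape(..., quote=True) also encodes quotes, so the same call is safe if
    the value is later moved into a quoted attribute.
    """
    lang = parse_cookie_header(cookie_header).get("lang", "en")
    return f"<html><body><p>Language: {escape(lang, quote=True)}</p></body></html>"


def is_reflected_unescaped(html: str, probe: str) -> bool:
    """True if the raw probe string appears verbatim in the response body."""
    return probe in html


# Constructed sample header: a session cookie plus a tampered "lang" cookie,
# as a tester would send it from Burp Repeater.
PROBE = "<script>alert(document.domain)</script>"
ATTACK_HEADER = f"session=abc123; lang={PROBE}"

if __name__ == "__main__":
    print("vulnerable reflects probe:", is_reflected_unescaped(render_vulnerable(ATTACK_HEADER), PROBE))
    print("hardened reflects probe:  ", is_reflected_unescaped(render_hardened(ATTACK_HEADER), PROBE))
```

Because the payload lives in the victim's own cookie jar, a finding like this starts out as self-XSS: it only becomes account takeover once an attacker can plant the cookie for someone else, which is the escalation step the summary mentions but does not detail. Output encoding is the fix that matters; restricting the cookie to an allowlist of expected values (for example, known language codes) is worthwhile defence in depth on top of it.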