Rewarded From Lumosity

 

Lumosity had a undiscovered DOM XSS  vulnerability during their signup process. By injecting our payload into the name field we were able to get javascript interpreted back nicely in the edit page. Here is a screenshot. Also we can change our name parameter to our XSS payload and get javascript interpreted back the same way. This is a persistent DOM XSS vulnerability.

XSS

 

 

After reporting this within 4 days I got an email thanking me and I was rewarded with a month premium 😉

Screenshot2

 

lumosity

 

 

Thanks for the reward 😉

 

 

 

 

 

 

Advertisements

Leave a Reply