Rewarded From Lumosity

 

Lumosity had a undiscovered DOM XSS  vulnerability during their signup process. By injecting our payload into the name field we were able to get javascript interpreted back nicely in the edit page. Here is a screenshot. Also we can change our name parameter to our XSS payload and get javascript interpreted back the same way. This is a persistent DOM XSS vulnerability.

XSS

 

 

After reporting this within 4 days I got an email thanking me and I was rewarded with a month premium 😉

Screenshot2

 

lumosity

 

 

Thanks for the reward 😉

 

 

 

 

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s