Rewarded From Lumosity


Lumosity had a undiscovered DOM XSS  vulnerability during their signup process. By injecting our payload into the name field we were able to get javascript interpreted back nicely in the edit page. Here is a screenshot. Also we can change our name parameter to our XSS payload and get javascript interpreted back the same way. This is a persistent DOM XSS vulnerability.




After reporting this within 4 days I got an email thanking me and I was rewarded with a month premium 😉






Thanks for the reward 😉







Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.