Recently I got a mail notification from StartCom saying that my S/MIME certificate was about to expire, so I decided to renew it.
First of all I had to validate my mail address, and afterwards I was on a page where I could type the mail address for which I wanted to generate a new certificate.
Used payload: <b onmouseover=alert(document.domain)>XSS
This is the result:
As soon as they answered, I discovered one more thing: I'm able to inject any class into the error text 🙂
It can be done with the payload: |b btn-success btn
and the result is that “b btn-success btn” is inserted as a class on the text “Input the wrong E-mail”.
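A defensive sketch of how a reflected e-mail field can be handled so that neither payload above reaches the markup. This is an added example, not code from the original post or from StartCom; the function names, the class names text-danger and text-info, and the success message are assumptions made for illustration.

```javascript
// Added example; all names are hypothetical. Two controls are combined:
// strict input validation and HTML encoding at the output boundary.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Conservative syntactic check: restricted local part, "@", dot-separated labels.
// Whitespace, angle brackets, quotes and "|" are all rejected.
const EMAIL_RE = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

function isAcceptableEmail(value) {
  return typeof value === 'string' && value.length <= 254 && EMAIL_RE.test(value);
}

// Class names come from a server-side constant table, never from the request.
const CLASSES = { error: 'text-danger', ok: 'text-info' };

function renderEmailResult(input) {
  const shown = escapeHtml(input); // encoded even when validation passed
  if (!isAcceptableEmail(input)) {
    // Fixed message and fixed class; the rejected value is echoed only as text.
    return `<span class="${CLASSES.error}">Input the wrong E-mail</span> <code>${shown}</code>`;
  }
  return `<span class="${CLASSES.ok}">Certificate will be issued for ${shown}</span>`;
}

// Helper for checking output: every class attribute value present in the markup.
function classAttributes(html) {
  return [...html.matchAll(/class="([^"]*)"/g)].map((m) => m[1]);
}

// Constructed inputs: the two payloads quoted in the post plus a valid address.
const SAMPLES = [
  '<b onmouseover=alert(document.domain)>XSS',
  '|b btn-success btn',
  'user@example.com',
];

for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), '->', renderEmailResult(sample));
}
```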
26/7/2016 – Initial report to StartCom
26/7/2016 – Response from StartCom team – they responded in a few minutes! Thumbs up for that!
29/8/2016 – Confirmation of fixed vulnerabilities from my side
30/8/2016 – Discovery of class inject and report to StartCom team – still not fixed
28/9/2016 – Public disclosure