Nvidia is a well-known graphics card manufacturer. When I tested Nvidia's website, http://www.nvidia.com, I found a cross-site scripting vulnerability there. I reported this vulnerability to the Nvidia security team and got a reply within 1 hour. It shows that they are very careful about the security of their website.
Vulnerability Type: Reflected XSS (cross-site scripting)
Vulnerable Link: http://www.nvidia.com/object/submit-security-vulnerability.html
Payload used: "><svg/onload=prompt(/XSS-Tested-By-Yogesh-Prasad/);>
Reproduction steps:
Step 2 - There are many input boxes on the above link, but not all of them are vulnerable.
Only 3 input boxes are vulnerable, which is a loophole for hackers.
Three input boxes
"Explanation",
"Please describe the best way to replicate this security issue" and
"Please provide sample code or proof of concept, if any." are vulnerable to XSS.
Step 3 - Now start filling in that form. In the 3 vulnerable input boxes given above, use this payload: "><svg/onload=prompt('XSS');>
Step 4 - Fill the remaining fields with rough details like xyz.
Step 5 - Click on Submit.
DONE!! You will see the XSS popup box.
Proof:
For reporting this vulnerability, I got an appreciation certificate from the Nvidia team.
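
The payload in step 3 starts with "> because that sequence closes a quoted attribute and its tag when a submitted value is echoed back unencoded. The sketch below is an added example, not code from this post or from Nvidia: it assumes the three fields were reflected into value="..." attributes (the post does not show the server side), and the field names and functions are hypothetical. It puts the unencoded rendering beside the output-encoded one and runs the same payload through both.

```javascript
// Added example. Field names and render functions are hypothetical; the post
// does not show how the form was rendered server-side.
const PAYLOAD = "\"><svg/onload=prompt('XSS');>"; // payload from step 3
const FIELDS = ["explanation", "replication_steps", "proof_of_concept"];

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the submitted value is concatenated straight into value="...".
function renderFieldUnsafe(name, submitted) {
  return '<input type="text" name="' + name + '" value="' + submitted + '">';
}

// Hardened: the value is encoded for the attribute context before output.
function renderFieldSafe(name, submitted) {
  return '<input type="text" name="' + escapeHtml(name) +
    '" value="' + escapeHtml(submitted) + '">';
}

// Structural check: one field must render as exactly one tag with three quoted
// attributes. Extra '<', '>' or '"' means the value escaped its attribute.
function structureIntact(html) {
  const count = (ch) => html.split(ch).length - 1;
  return count("<") === 1 && count(">") === 1 && count('"') === 6;
}

// Run every field through a renderer and list the ones the payload breaks.
function brokenFields(render) {
  return FIELDS.filter((name) => !structureIntact(render(name, PAYLOAD)));
}

console.log(renderFieldUnsafe("explanation", PAYLOAD));
console.log(renderFieldSafe("explanation", PAYLOAD));
console.log("unsafe:", brokenFields(renderFieldUnsafe));
console.log("safe:", brokenFields(renderFieldSafe));
```

The counting check is only a regression test for this one template; the fix itself is encoding every reflected value for the context it lands in, or using a templating engine that does so by default.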