Kartier Pohs

Thursday, August 27, 2015

Cross Site Scripting Vulnerability in Nvidia.

Nvidia is a well known Graphics card manufacturer company.When I tested website of Nvidia http://www.nvidia.com.I found a Cross site scripting vulnerability ther.I reported this vulnerability to the security team of Nvidia and got reply within 1 hour.It shows that they are very carefull about security of their website.
 
Vulnerability Type: Reflected XSS(Cross site scripting) Vulnerable Link: http://www.nvidia.com/object/submit-security-vulnerability.html

Payload used:
"><svg/onload=prompt(/XSS-Tested-By-Yogesh-Prasad/);>

Reproduction step:

 
 
step2- There are many input boxes in the above link.But all the input boxes are not vulnerable.
Only 3 input boxes are vulnerable,which is loophole for hackers.
Three input boxes 
"Explanation",
"Please describe the best way to replicate this security issue" and 
"Please provide sample code or proof of concept, if any." are vulnerable to XSS.
 
step3- Now start filling that form.In above given 3 vulnerable input boxes use this payload "><svg/onload=prompt('XSS');>
step4- Fill remaining fields with rough details like xyz.
Step5- Click on submit
DONE!! You will see the XSS popup box.
 
 
Proof:
Cross Site Scripting Vulnerability in Nvidia.


For reporting this vulnerability I got Appreciation certificate from Nvidia Team.
Cross Site Scripting Vulnerability in Nvidia.








No comments:

Post a Comment

Copyright 2015 @ Yogesh Prasad