Detailed report about an XSS bug in your site: ontobee.org // Cross Site Scripting / Security Vulnerability Notification | Important


chabik hatim

Jan 18, 2023, 2:00:18 AM

to jrot...@umich.edu, ah...@umich.edu, msch...@umich.edu, bpu...@umich.edu, joeg...@umich.edu, eh...@umich.edu, dmc...@umich.edu, dca...@umich.edu, an...@umich.edu, msek...@umich.edu, all...@umich.edu, sca...@umich.edu, aps...@umich.edu, tb...@umich.edu, pray...@umich.edu, aaq...@umich.edu, englis...@umich.edu, resilie...@umich.edu, lsi-c...@umich.edu, lsa-advancem...@umich.edu, sa...@umich.edu, sh...@umich.edu, ad...@umich.edu, webm...@umich.edu, ab...@umich.edu, mark...@umich.edu, con...@umich.edu, sup...@umich.edu, in...@umich.edu, ser...@umich.edu, secu...@umich.edu, ontobee...@googlegroups.com
Hello Dear Sir, good morning

I hope you are fine and in good health, you and your family.

First, I want to wish you the beginning of a happy year full of joy and success.
I wish you a good start and good work. I also wish you success in your career; I wish you the best always, for you and your family.

I hope this message finds you well. I'm reaching out today because I found an XSS bug in your site: ontobee.org

I'm Hatim Chabik, a third-year university student and a security researcher in my spare time.

I look for bugs in my spare time to help you make your site very secure, and the security of your site is a priority for me,

and I am writing this email to inform you that I found a bug on your website.

The bug I found is cross-site scripting (XSS).

*Description of the XSS: one of the most popular attacks on the web, in which your site is injected with a script that executes malicious commands on the visitors' computers, meaning that your site becomes a means of catching the victims through a script planted by the hacker on your site.
In XSS, the hacker does not target your site at first, but rather uses it as a bridge to cross to the victims who are browsing it, exploiting a gap in your site that sneaks through your visitors to attack them.

*Impact: If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
Perform any action within the application that the user can perform.
View any information that the user is able to view.
Modify any information that the user is able to modify.
Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
Steal cookies.

Reference video: https://www.youtube.com/watch?v=L5l9lSnNMxg
Reference: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
_____________________________________________________________________
                         Details about the XSS bug:
PoC:

*Domain: ontobee.org

*Parameter affected: https://ontobee.org/search?ontology=&submit=Search+terms&keywords=

*Payload: "><svG onLoad=prompt('xss')>


[attached screenshot: image.png]
__________________________________________________________

I do this work to alert you of a bug in your website, so that you can fix the XSS bug and make your site safer.

I have more than 6 years of experience in this field, I have a lot of certificates in this field, and my name is included in the hall of fame of many sites.
If you wanted, it is possible for me to work with you in finding many serious bugs that negatively affect your site,
and I would be very happy to make your site safer.
I will be very happy if you accept a request to work together to make your site secure.

I really, desperately need a reward in these difficult circumstances that the world is going through, to help myself with study requirements; this is the only job I work at and earn money from, and with this money I help myself in my studies and my family.

I hope you can see my message and respond to me, please.
I need your response.

Please just help me and appreciate me for this work on your site to make your site safer.

May I request this of you, if it is possible? Sir, I'll be very grateful to you.

I would be very happy if you rewarded me,

if possible, to my PayPal account:

PayPal: chabi...@gmail.com

< Please, if you read my message, please tell me, so that I know you got it. Please let me know if you're interested in this and, as I am a security researcher, whether you want to work together and discover more very important bugs to make your site more secure. I look forward to hearing from you. >


Sincerely, best regards
    Hatim Chabik
    Security researcher
My account on Twitter: https://twitter.com/H_chabik
[attached image: certifice.PNG]
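The report above gives only the affected parameter (`keywords`) and the payload, not the page markup. The following Node.js snippet is an added example that is not part of the report and is not ontobee.org's own code. It assumes a search page that echoes the `keywords` value back into the search box's `value` attribute (the template, the function names and the `isReflectedUnencoded` triage check are all assumptions for illustration), and shows why the quoted payload breaks out of the attribute and how HTML-entity encoding on output stops it.

```javascript
// Added example, not code from the original report or from ontobee.org.
// The template below is an assumption: the report names only the affected
// parameter (keywords) and the payload, not the page's real markup.

// Payload exactly as quoted in the report.
const PAYLOAD = `"><svG onLoad=prompt('xss')>`;

// Vulnerable pattern: the search term is echoed back into the value="..."
// attribute of the search box with no output encoding. The leading `">`
// of the payload closes the attribute and the tag, and the browser then
// parses <svG onLoad=...> as a new element whose onload handler fires.
function renderSearchUnsafe(keywords) {
  return `<input type="text" name="keywords" value="${keywords}">`;
}

// HTML-entity encode the characters that can change parsing inside text
// nodes and quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: same template, but the untrusted value is encoded for
// the quoted-attribute context it lands in.
function renderSearchSafe(keywords) {
  return `<input type="text" name="keywords" value="${escapeHtml(keywords)}">`;
}

// Count opening tags in a fragment. The template contains exactly one; any
// extra tag means the input escaped the attribute.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Triage check (assumed helper): was the probe reflected byte-for-byte, i.e.
// unencoded? Run this against the real HTTP response body to confirm a
// reflected-XSS report before escalating it.
function isReflectedUnencoded(body, probe) {
  return body.includes(probe);
}

// Demo run on the constructed template.
console.log('unsafe:', renderSearchUnsafe(PAYLOAD));
console.log('safe:  ', renderSearchSafe(PAYLOAD));
console.log('tags unsafe/safe:',
  countTags(renderSearchUnsafe(PAYLOAD)), countTags(renderSearchSafe(PAYLOAD)));
```

The encoder is context-specific: `&quot;` neutralises a double-quoted attribute, but the same value placed inside an unquoted attribute, a `<script>` block or a URL needs the encoder for that context. A Content-Security-Policy without `'unsafe-inline'` would additionally block the inline `onload` handler, but that is defence in depth, not a substitute for encoding the reflected value.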