Bitcastle Disclosed Report

Bug bounty report bitcastle Web

Reflected XSS Vulnerability in redirect Parameter on kyc.bitcastle.io Leading to Account Hijacking Risks (WAF Bypass)

Company
Created date
Jan 08 2025

Target

https://bitcastle.io/en

Vulnerability Details

A reflected Cross-Site Scripting (XSS) vulnerability exists on the kyc.bitcastle.io domain. It occurs because the redirect parameter is not properly sanitized, allowing an attacker to inject JavaScript. When users click the "Later" button, or log in to their accounts and upload an ID file, the payload executes, potentially exposing sensitive information such as cookies.

Validation steps

Steps to Reproduce:

1. Navigate to the following URL: https://kyc.bitcastle.io/?redirect=javascri%09pt:alert(docu%09ment.cookie)
2. Click on the "Later" button.
3. Observe the XSS payload execution as an alert displaying the user's cookie.

Additionally,

1. Log in to your account on the platform.
2. To upload KYC, go to the following link directly or reach it from bitcastle.io: https://kyc.bitcastle.io/?redirect=javascri%09pt:alert(docu%09ment.cookie)
3. Upload an image and the XSS alert will appear.
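From the defender's side, the fix is to validate the redirect parameter after normalizing it the way a browser does. The following is an added example written for this page (not code from the report or from bitcastle); the allowed origin is a placeholder assumption, and the sample input is the report's own URL:

```javascript
// Added example (not from the report or the site's own code): validating a
// `redirect` query parameter so that a scheme split by a tab, as in the report's
// payload "javascri%09pt:...", is rejected instead of being handed to the browser.
// Browsers strip ASCII tab/LF/CR from a URL before parsing it, so "javascri\tpt:"
// still runs as javascript: even though a literal prefix check never matches it.

const ALLOWED_ORIGIN = "https://kyc.example.test"; // assumption: placeholder origin

// Read the redirect value the way the application would (already %-decoded).
function redirectParamFrom(pageUrl) {
  return new URL(pageUrl).searchParams.get("redirect") ?? "";
}

// Naive prefix check, kept only to show why the tab-split scheme defeats it.
function naiveIsSafeRedirect(value) {
  return !value.toLowerCase().startsWith("javascript:");
}

// Remove the C0 control characters (tab, LF, CR, ...) and DEL that the URL
// parser ignores, plus surrounding whitespace, so the check sees what the browser sees.
function stripControls(value) {
  return value.replace(/[\u0000-\u001F\u007F]/g, "").trim();
}

// Parse with the WHATWG URL parser; relative paths resolve against our own origin.
function parseRedirect(value) {
  try {
    return new URL(stripControls(value), ALLOWED_ORIGIN);
  } catch {
    return null; // unparseable input is never a valid redirect target
  }
}

// Hardened check: only https, and only on the expected origin.
function isSafeRedirect(value) {
  const url = parseRedirect(value);
  return url !== null && url.protocol === "https:" && url.origin === ALLOWED_ORIGIN;
}

// Destination to use after the "Later" click or the KYC upload: the normalized
// validated target, or a safe default path when validation fails.
function resolveRedirect(value, fallback = "/") {
  return isSafeRedirect(value) ? parseRedirect(value).href : fallback;
}

// Constructed sample: the report's URL, as the parameter reaches the application.
const SAMPLE = redirectParamFrom(
  "https://kyc.bitcastle.io/?redirect=javascri%09pt:alert(docu%09ment.cookie)"
);
```

The naive check accepts the tab-split payload while the hardened check rejects it and falls back to a safe path; a server-side allowlist of the same shape would give the WAF nothing to miss.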

Impact

This vulnerability can allow attackers to:

- Steal session cookies, leading to account hijacking.
- Execute arbitrary JavaScript in the user's browser.
- Perform unauthorized actions on behalf of the victim.

Here is the PoC video link: https://drive.google.com/file/d/1AuPasNzclCVNUJNccYD5BmE4Tjr5GFm2/view?usp=sharing

Details

State: disclosed
Severity: hidden
Bounty: hidden
Visibility: partially
Vulnerability: Cross-site Scripting (XSS) - Reflected
Participants: hidden