Hi Everyone,
this time I’ll show you my finding, the name is XSS Stored on JD.id
I found this bug at the Alamat Pengiriman page
Affected Point : https://c.jd.id/order/confirm_order.html
Payload :
<img src=x onerror=alert(document.cookie)>
After I Input the payload and Boom :D
The Payload has been Executed
I try to contact of JDID team but no one give me response
and after a month I try to check again on that endpoint, I see the bug has been fixed :(
TIMELINE :
Report : 9/9/2021
Fixed : 9/10/2021
Reward : -
