This issue can be exploited by malicious users to execute arbitrary code on the user’s system in context of the affected website. This issue was discovered by Sergey Shilov of WhiteCryption. An XSS vulnerability was discovered in the official website of Birth Certificate Management System version 1.0. The advisory in detail can be found here. This issue allows malicious users to inject malicious code into the client-side of a vulnerable website to control anything that can be controlled on the front-end such as showing ads, using the user’s social media accounts to send spam, etc. This XSS vulnerability can be exploited by malicious persons to inject malicious code into the client-side of a vulnerable website to control anything that can be controlled on the front-end such as showing ads, using the user’s social media accounts to send spam, etc. What should be kept in mind here is that this vulnerability can be exploited by sending a simple XSS code to the user’s email address. This may not sound like a serious vulnerability but it is very important to keep XSS vulnerabilities in mind.

How to Bypass XSS Protection in Website?

A way to bypass the XSS protection on the website is by sending a simple XSS code to the user’s email address. The email may not be displayed on the website, but it will still be received by the user.
To bypass this type of protection, a malicious person sends an email with a simple XSS code to the victim’s inbox. When they click on that link in the email, they will trigger the vulnerability and gain access to their account without any notification.

Injection Vulnerability

This XSS vulnerability allows malicious users to inject code into the client-side of a vulnerable website to control anything that can be controlled on the front-end such as showing ads, using the user’s social media accounts to send spam, etc.

Timeline

Published on: 10/14/2022 15:16:00 UTC
Last modified on: 10/17/2022 16:18:00 UTC

References