HACKED NOKIA WITH REFLECTED CROSS-SITE SCRIPTING VULNERABILITY….

Hello, Hackers Welcome to my other write-up of Nokia Hacked with RXSS Vulnerability…

This time Nokia is my target…

I started from Google Dorks…

site:*nokia.com inurl:/login.jsp?msg=

And I discovered this url

Nokia Self-Certification IOT - Login Page

As you can see the msg parameter says ‘Session Timed out. Please Login Again’

LOOK INTO STEPS:

1. Simply I entered script tag into message parameter like this <script></script>

See what happened

2) I enterd this payload into messsage parameter.

<IMG%20SRC=”https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2011/08/nokia-hacked.png"><h1>Too%20Weak%20Security</h1>

Impact of Reflected XSS:

Attackers use phishing emails, malicious links, and other techniques to trick victims into making a request to the server. The reflected XSS malicious data is then executed in the victim’s browser.

Youtube Video: https://youtu.be/e9kpmCajTzA

Thanks for taking the time to read my write-up and share it with your friends, Like & Follow for more updates.

Follow me:

Instagram

Twitter

Facebook

LinkedIn