How I got my first swag on Edmodo with a simple XSS.

Hi friends,

Coming straight to the point, Edmodo has an option to create a class group.
Once you create a class group, you can add students and post images, links, etc., just like a Facebook group.

As I mentioned in my previous post, before doing any recon I first sign up and look at all the features the website has to offer.

The first thing I did was to create a class group. Then I started to post stuff in the class, like images, etc.

There was also an option to share a link through the post. So I shared a link, https://www.google.com, in the group.

When I looked at the source code, just to check how the application was handling my input, I saw the following:

<a href="https://www.google.com">google</a>

I was like, well, now let me put on my hacker hat and put an XSS payload in the href,
i.e. javascript:confirm(1)

To my surprise, it didn't pop any error saying it's an invalid URL. So the final link looked like below.

<a href="javascript:confirm(1)">random_stuff</a>
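The root cause here is that the application accepted any string as a link target and wrote it straight into the href attribute; a javascript: URL in an href runs script when the link is clicked. Below is an added example (mine, not Edmodo's code) of how a defender would fix this on the rendering side: parse the user-supplied link with the WHATWG URL parser, allow only a small set of schemes, and HTML-escape both the href and the link text. The helper names isSafeHref, renderLink and escapeHtml are my own. The example also covers a few variants beyond the post's payload (mixed case, embedded tab, leading whitespace, data: URLs, and scheme-less input), all of which the scheme check rejects.

```javascript
// Added example (not Edmodo's code): safe rendering of user-supplied links.
// Only these URL schemes may become clickable links.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Returns true only when the input parses as an absolute URL whose scheme
// is on the allowlist. The WHATWG URL parser (Node's global URL) strips
// leading/trailing whitespace and embedded tabs/newlines and lowercases the
// scheme, so "  JaVa\tScRiPt:confirm(1)" still resolves to "javascript:"
// and is rejected here, just like the plain payload from the post.
function isSafeHref(rawHref) {
  if (typeof rawHref !== "string") return false;
  let parsed;
  try {
    // No base URL: relative or scheme-less input (e.g. "www.google.com",
    // "//evil.example") throws and is treated as unsafe rather than
    // silently resolved against the page's origin.
    parsed = new URL(rawHref);
  } catch {
    return false;
  }
  return ALLOWED_SCHEMES.has(parsed.protocol);
}

// Minimal HTML escaping for text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Builds the anchor tag for a shared link. When the target fails the scheme
// check, only the escaped text is emitted, so no clickable element is
// created for a javascript:, data: or vbscript: target.
function renderLink(href, text) {
  if (!isSafeHref(href)) {
    return escapeHtml(text);
  }
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// Usage with the two inputs from the post (constructed sample values).
console.log(renderLink("https://www.google.com", "google"));
console.log(renderLink("javascript:confirm(1)", "random_stuff"));
```

A few inputs worth keeping in a regression test: the scheme check must treat `JaVaScRiPt:`, `java<TAB>script:` and a payload with leading spaces the same as the plain `javascript:` payload, because browsers normalise all of them before deciding what to execute.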

I shared the post in the group. Obviously I was 100000% sure it was gonna work. XSS!!!!!! But still, as always, my heart was pounding until it actually showed a pop-up.

I clicked on the link shared annnnnnnd.

aaaaaannnnd Boooooooooooooooom!

I quickly made the POC and sent it to Edmodo and after two days! I got this mail. <3 <3

This was the story of my XSS on Edmodo. As always, I will be back with more. Stay tuned!!

You can always support me through Paypal!
>>paypal.me/icodechannel<<
