XSS injection on emails on our latest ethical hack findings
While doing a basic code review for a client's web portal (bridging customers and service) we came across potential vulnerabilities which could compromise the system and recommended a proper ethical hack to screen the system. Our team managed to find 25 vulnerabilities including several SQL and XSS injections.
We also uncovered an exciting Reflected/Stored XSS Injection which managed its way into an email as well! XSS injection allows a hacker to inject a code into the application allowing it to perform a functionality it was never meant to. This is what our ethical hacker had to say about the finding:
"During the test it was noticed that the application does not escape the inputs passed by users and forwards them as it is in the email sent. Though most of the email clients have mechanism/filters to prevent XSS Injections, the application shouldn’t rely on an external entity for this. Furthermore in the future if these submissions are stored in the database, they can result in stored XSS injections whenever displayed on web pages.
Some of the reputed email clients may start blocking the emails from the site if they notice high frequency of injectable payload in the email content."