XSS in Zoho Mail



Hello Friends,

How are you all? I hope you are doing good. 


After a long time, I'm sharing another interesting finding here.


Recently, 

Last month I found an XSS vulnerability in Zoho Mail. 

I was busy with my exams. I had to send some work via email to my friend. So, I opened my laptop and then opened my google mail and saw that I've received so many emails. After completing my work and sending an email, I opened my other emails ie Yahoo, Zoho, Hotmail/Outlook etc. and read all emails but nothing was important.


So, I was closing my laptop and at that time, something clicked my mind that there is no image proxy on Zoho mail which is indeed a bug. I don't know why I was thinking that. So, I just visited Zoho mail and opened any random email which contain images and saw that there is an image proxy. Sad! I just copy the image address and opened the URL in the next tab of my browser and the URL look like this


https://mail.zoho.com/zm/ImageProxy?source=https://site.com/pic.jpg&uid=5sw1SZM2rMX&mode=mailview

I just changed the source parameter to anothersite.com/pic.jpg and Zoho shows the pic. Fine. After that, my bug hunting mode becomes activated and I just changed the source parameter to anothersite.com/pic.svg and Zoho display the picture then I again changed it to mysite.com/xss.svg and Boom! 
XSS Successfully executed.



So, I reported the issue quickly to Zoho and they triaged my report very fast after some minutes. 




They rewarded me a $200 bounty.





I also checked other vulnerabilities but didn't found any in that short time



Thanks for reading.

Hope you like this sharing.

Have a nice day.

Happy Hacking!

Comments

Popular posts from this blog

XSS like a Pro

Email Spoofing for Beginners

DoS on WAF Protected Sites by Abusing Cookie