Bug Report

Stored Xss on Boxify.be

Boxify is a new Belgian startup, a solution to storage rooms for individuals and businesses as well.

They call their service a new era of intelligent storage solutions. And it honestly somehow is a new era of storage solutions. What Boxify does is they will send you the required amount of boxes, you’ll need to fill them and let them know that they are ready for pick-up. Boxify will pick-up the boxes after arranging a pick-up time and they’ll store them in a secure storage-room. Via their online client platform, you’ll get an overview of your stored items and you can ask several questions about some specific items of your storing.

This platform is accessible via PC or Smartphone.

Some extra details about Boxify:
The boxes have a dimension of 68x43x32cm and a volume of 94 liters.
6.25€ a Month for storing your items.

Key features:
Boxes are free
Insurance
Delivery of empty boxes
Pick-up of filled boxes
No administration fees
Flexibility (add or withdraw boxes to / from your storage )
Your items will be delivered within 48 hours.

Tldr: Boxify is a perfect service for small business or individuals who need storage at a small price.

The XSS-itself: You could insert a malicious script as your name, this wasn’t filtered by the system. If the page will be loaded the XSS will be activated and then the information prompt will appear on screen.

xss on boxify.be

 

 

 

 

 

Video:

Extra info:

*Authentication Required

 

 

Leave a Reply

Your e-mail address will not be published. Required fields are marked *