Hello, good evening/morning, or whatever the time is where you’re from…
A while ago, I was browsing the Domino’s website out of curiosity to test their site for vulnerabilities.
At the time, the Domino’s domain would have a # at the end of the URL. Example (now fixed, thanks to me!): dominos.com/en/#
They weren’t filtering any HTML tags after the #; this led to me being able to craft a payload to inject, prompting a reflective alert box. PoC screenshot: http://prntscr.com/gi1558 (prompted my Twitter handle). Chrome XSS Auditor bypass FTW!
Most of the URLs on the main site at the time were vulnerable to the same payload, since they all had the #, which wasn’t filtering any HTML.
After I reported them and they were fixed, I got an email from the head of Customer Service at Domino’s saying they wanted to send me a $50 gift card in return for reporting this! http://prntscr.com/gi1617 (name and phone blocked out for privacy reasons).
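
A defensive sketch of the bug class described above, added here as an example and not taken from the post or from the site's code: it assumes a page script that copies the URL fragment into the page markup, and shows that pattern next to two fixes. The function names, route names and the example.test URLs are hypothetical.

```javascript
// Added example: constructed code, not taken from the site discussed above.
// Assumption: a page script copies the URL fragment into the page markup.

// Return the percent-decoded text after '#', or '' when there is none.
function fragmentOf(url) {
  const i = url.indexOf('#');
  if (i === -1) return '';
  const raw = url.slice(i + 1);
  try { return decodeURIComponent(raw); } catch { return raw; }
}

// Vulnerable pattern: the fragment reaches the markup unchanged, so any
// tags in it become live elements once this string is assigned to innerHTML.
function renderUnsafe(url) {
  return '<div id="view">' + fragmentOf(url) + '</div>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Fix 1: output-encode the fragment so it can only ever render as text.
function renderEscaped(url) {
  return '<div id="view">' + escapeHtml(fragmentOf(url)) + '</div>';
}

// Fix 2: never echo the fragment; use it only as a key into an allow-list
// of known views (hypothetical route names) and fall back to the default.
const ROUTES = new Set(['', '/menu', '/coupons', '/tracker']);
function resolveRoute(url) {
  const f = fragmentOf(url);
  return ROUTES.has(f) ? f : '';
}

// Constructed sample URLs; the markup is a harmless <em> tag.
const tagged = 'https://example.test/en/#<em>injected</em>';
const normal = 'https://example.test/en/#/menu';
console.log(renderUnsafe(tagged));
console.log(renderEscaped(tagged));
console.log(resolveRoute(tagged), resolveRoute(normal));
```

In a browser, the equivalent of Fix 1 is assigning the fragment to `textContent` instead of `innerHTML`.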