# Exploit Title: IBM Virtual Security Operations Center (VSOC) - Cross Site Scripting (XSS)
# Date: April 2, 2018
# Portal Link: https://portal.sec.ibm.com
# Exploit Author: Kushal Jaisingh
# Contact: https://ca.linkedin.com/in/kushaljaisingh
# Category: WebApps, XSS

1. Description

Below are the steps to reproduce the reflected cross site scripting (XSS) vulnerability found in IBM's Virtual Security Operations Center (VSOC) ticketing portal. IBM and clients use the VSOC portal to open tickets related to IBM's security related service offerings such as QRadar and other security appliances.

2. Proof of Concept

Steps to reproduce XSS alert popup:

1.) Goto https://portal.sec.ibm.com
2.) Login
3.) Once logged, locate the search box in the top right hand corner of the page labelled "Search Portal"
4.) Paste the following XSS payload into the search box: '});alert(1);//
5.) Hit enter on your keyboard to search, once the page loads you will be alerted with a XSS window.

3. Explanation:

I noticed search queries were being reflected inside the script tag. So in my XSS payload I began by completing the syntax for the query argument using a single quote followed by a curly bracket. Next, I completed the syntax for the function the query variable fed into using a right parenthesis. Finally, I ended the previous instruction with a semicolon and injected my own JavaScript instruction alert(1); which created the XSS window. I also included a double slash at the end commenting out anything else coming after on the line.

4. Solution:

Never trust any user provided inputs. Always sanitize user provided inputs to prevent cross site scripting.