I was hunting in a VDP program on HackerOne. The scope covered all relevant domains connected to the company.
First, I normally start by collecting subdomains, but this time I wanted to find different subdomains with a Google dork like the ones below:
site:*<*.target.*
site:*>*.target.*
Then I found a subdomain like jobs.target.com and tried to find something there.
When I browsed the site with Wappalyzer, Cloudflare and a few other things were present on the site.
I then started surfing the site a bit and came across a link. It was like this:
jobs.target.com/?……&myname=…..&param2=…..&param3=……
These parameters were not reflected anywhere on the page, but when I browsed the source code they were successfully reflected.
I was getting blocked by Cloudflare when I tried HTML injection and XSS.
Then I clicked on a different page on the same site where there was a search feature similar to the previous page. When I tried the same parameters on this page, the parameter values were successfully reflected both on the page and in the source code.
I then tried the following payload for the 3 parameters:
</script><img src=xss onerror=alert(1)>
and XSS was working successfully.
I created a separate report for each parameter and sent it. Unfortunately, all 3 reports were closed as duplicates.
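From the fix side, the payload above opens with </script>, which is what works when a parameter is copied raw into an inline script block. The following is an added example, not code from the target or from this write-up: it renders the value unencoded and then with context-aware encoding. The template shape, the variable q and all function names are assumptions made for illustration.

```javascript
// Added example: the template shape is an assumption, not the target's real markup.
const PAYLOAD = '</script><img src=xss onerror=alert(1)>'; // payload quoted in the write-up

// Vulnerable: the raw value is concatenated into the body and into a JS string.
function renderVulnerable(myname) {
  return `<p>Results for ${myname}</p>\n<script>var q = "${myname}";</script>`;
}

// HTML text context: encode the characters that can start a tag or an entity.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Inline <script> context: JSON.stringify handles quotes and backslashes, then
// <, >, & and the JS line separators become \uXXXX escapes, so the HTML parser
// never sees "</script>" inside the string literal.
function escapeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hardened: each reflection point gets the encoder for its own context.
function renderHardened(myname) {
  return `<p>Results for ${escapeHtml(myname)}</p>\n` +
         `<script>var q = ${escapeForInlineScript(myname)};</script>`;
}

// Regression check: true when a value carrying markup reached the response
// unencoded, meaning the browser would parse it as real tags.
function reflectsRawMarkup(html, value) {
  return /[<>]/.test(value) && html.includes(value);
}

// Recover the JS string from the hardened page to show the data is unchanged.
function decodeInlineValue(html) {
  const m = html.match(/var q = (".*");<\/script>/);
  return m ? JSON.parse(m[1]) : null;
}
```

Encoding at the point of output fixes every page that uses the template, which matters here because the Cloudflare block only applied to one of the two pages.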