.png)
3 years ago
226 BOOK THIS SPACE FOR AD
ARTICLE AD
Hellow bug hunters! I’m back again with another writeup. Mostly I don’t show off my bounties🤑 . But this writeup is not for bounty purpose. I’ll tell you what mistakes I have done and which you shouldn’t repeat for the same bug like I did. I’ll also share with you some tips and obviously bug chaining. So, without any delay let’s start roller coaster ride. 😉
I was hunting on responsible program. That program has very less features. I mean there was no signup or login functionality or similar input field where I can test bugs. There are only few web pages like you can download that company’s software and read manual, privacy policy, etc. Now what?
I fired up Burpsuite (Burpi ❤) and spider the whole website. Then suddenly I see that there are no more security headers. Specially XSS protection header. As you know about target there is no functionality to test input validation. There was language/email parameter (e.g. target.com/?lang=en&email=x). I know what you are thinking right now. And I tried simple XSS payload and it worked!! Woohoo… 😍
I started bug chaining. I did HTML Injection. I typed simple HTML code (e.g.<h1>HelloWorldHTMLInjectionHere</h1>) and its executed. What else we can do? Another bug chain is Open redirection via HTML Injection. Yes, you read it right. Payload will look like below:
<script>document.location.href=”https://example.com”</script>It will redirect to the example.com. I quickly made poc and write a good report and send it to their security mail. After couple of days I got mail that I am eligible for bounty. And I got 500$. That’s it guys. Keep hunting, Keep Sharing.
Bengali (Bangladesh) · 
English (United States) ·