Easy bounties and Hall of fame


Hi Team, script kiddie is back! After a long break, here I am talking about a bug which helps you get bounties and Hall of Fame easily, so let's start.
The bug is hyperlink injection in the email invitation.

Hyperlink injection occurs when a hacker has created/injected new pages on an existing website. These pages often contain code that redirects users to other sites or involves the business in attacks against other sites.

I love server what about you :-)

Some websites have a facility to invite a user to a group/team. When the admin invites a user, he has to fill in his name, last name and email. The victim then receives an email invitation which contains a hyperlink.


Note: You can also try it by putting a hyperlink in your username or in your team name. You can also try SSTI or HTML injection instead of a hyperlink in these fields.

A hacker can add a malicious file in the form of a hyperlink; if the user clicks on the link, a malicious file can be downloaded to his system.

This permits users to send malicious/phishing links to potential clients. It could also have an effect on how spam filters treat your company’s emails.

A hacker can easily invite a member to his malicious URL.

Open redirect to a malicious webpage.

Hyperlink Injection on Email Invitation

DESCRIPTION
A hyperlink injection in the name when the attacker invites the victim to his organization with an injected hyperlink.
Reference link: https://hackerone.com/reports/158554

STEPS
Add first name with the name evil.com and switch it.
Go to xxxx.com and invite friends user and invite the victim using email.
The victim will see the invitation with the malicious link.

IMPACT
A hacker can add a malicious file in the form of a hyperlink; if the user clicks on the link, a malicious file can be downloaded to his system.
This permits users to send malicious/phishing links to potential clients. It could also have an effect on how spam filters treat your company's emails.
A hacker can easily invite a member to his malicious URL.
Open redirect to a malicious webpage.
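
On the fixing side, HTML-escaping the name is not enough, because many mail clients turn domain-like text such as evil.com into a clickable link on their own. The following server-side check is an added example, not code from the original post or from any affected site; the function names, the length limit and the invitation wording are assumptions.

```python
import html
import re
import unicodedata

MAX_LEN = 64  # assumed limit for a first name, last name or team name

# Scheme URLs, "www." hosts and bare host.tld tokens such as "evil.com",
# i.e. text a mail client is likely to turn into a link by itself.
# Deliberately strict: "Dr.Smith" without a space is rejected too.
LINKISH = re.compile(
    r"(?i)(?:[a-z][a-z0-9+.-]*://|www\.)\S+"
    r"|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b"
)
MARKUP_CHARS = set("<>{}[]\\/@:")  # HTML, template and URL punctuation


def validate_display_name(raw):
    """Return "ok" or the reason a name must not go into an invitation."""
    # NFKC folds look-alikes (fullwidth letters and dots) to ASCII first.
    name = unicodedata.normalize("NFKC", raw).strip()
    if not name or len(name) > MAX_LEN:
        return "length"
    # Control/format characters cover CR/LF header tricks and invisible
    # separators; this also rejects zero-width joiners in some scripts.
    if any(unicodedata.category(c).startswith("C") for c in name):
        return "control-char"
    if LINKISH.search(name):
        return "link-like"
    if MARKUP_CHARS & set(name):
        return "markup-char"
    return "ok"


def render_invite_html(inviter_name, team_name):
    """Build the invitation sentence from validated, escaped fields."""
    for value in (inviter_name, team_name):
        reason = validate_display_name(value)
        if reason != "ok":
            raise ValueError("rejected name field: " + reason)
    return "<p>{} invited you to join {}.</p>".format(
        html.escape(inviter_name.strip()), html.escape(team_name.strip())
    )
```

Run the same check when the profile or team name is saved, not only when the email is sent, so stored values cannot reach other templates.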

I got a $50 bounty and one hall of fame with the help of this bug.

Thanks for Reading ..
