What is the Bug?
On one of these domains, at the end of the web page, there is an option to subscribe to get emails about the company.
[Image: subscribe form]
I filled it with random data like this
I sent it to test the behavior of this form; after sending I received a confirmation email like this
I observed that the name is reflected in the email and rendered in HTML.
The first payload that came to my mind is
<a href="https://evil.com">Click Here</a>
But when I tried to send it, the form didn't accept it and the response was 403, but there is no WAF to block my payloads. After some time I realized this is a problem of payload size.
The name input field allows a maximum of 35 characters.
So I sent this payload
<a href="evil.com">Please click</a>
This is the result
I reported it and this is the triage reply
Now I have a challenge to make the payload short and more obvious
After some searching I found there is a way to put any link in short form,
like subdomain.verylong.com -> bit.ly/some_random_chars
You can discover this here: https://app.bitly.com/
I signed up on this site and made a short link for https://google.com
and made my final payload
<h1><a href=bit.ly/48rQIVc>Click
which results in this
and this also
<h1><a href=bit.ly/48rQIVc>Click<hr>
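
The root cause described above is that the name field reaches the HTML body of the confirmation email without output encoding, and the 35-character limit does not stop short markup. The following is an added example, not code from the affected site: the template, function names and addresses are assumptions, and the inputs are the payloads quoted in this write-up.

```python
import html
from email.message import EmailMessage
from html.parser import HTMLParser

MAX_NAME_LEN = 35  # limit reported in the write-up; not a security control
TEMPLATE = "<p>Hi {name}, thanks for subscribing!</p>"  # hypothetical template
PAYLOADS = [  # taken from the write-up
    '<a href="evil.com">Please click</a>',
    "<h1><a href=bit.ly/48rQIVc>Click",
]

def render_vulnerable(name: str) -> str:
    """Behaviour the write-up describes: the name is interpolated unencoded."""
    return TEMPLATE.format(name=name)

def render_hardened(name: str) -> str:
    """Encode on output so markup in the name is displayed as literal text."""
    return TEMPLATE.format(name=html.escape(name, quote=True))

class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(markup: str) -> list:
    """Start tags a mail client would parse, minus the template's own <p>."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return [t for t in collector.tags if t != "p"]

def build_confirmation(to_addr: str, name: str) -> EmailMessage:
    """Multipart confirmation mail whose HTML part uses the hardened renderer."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["Subject"] = "Subscription confirmed"
    msg.set_content(f"Hi {name}, thanks for subscribing!")  # text/plain part
    msg.add_alternative(render_hardened(name), subtype="html")
    return msg

def html_part(msg: EmailMessage) -> str:
    return msg.get_body(preferencelist=("html",)).get_content()

if __name__ == "__main__":
    for p in PAYLOADS:
        print(len(p), injected_tags(render_vulnerable(p)),
              injected_tags(render_hardened(p)))
```
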