A few days ago I opened my email, and I saw a message from yeswehack containing an invitation to a bug bounty program (a private program).
I immediately opened my laptop and accepted the invitation.
This program has many scopes, and subdomains are also included in their scope.
I chose scopes that accept vulnerabilities on their subdomains.
Let’s just say the main domain is redacted.com, because this is a private program.
The first step I took was subdomain enumeration; here I used subfinder to search.
After getting several subdomains, I selected several and opened them with the browser in Burp Suite. I did this so I could immediately see requests and responses in the HTTP history in Burp Suite.
From this HTTP history, I started to analyze every request and response that I got, starting from parameters, login pages, and also JavaScript files.
This vulnerability started when I analyzed a JavaScript file and saw the ?back_url= parameter, which was located in the application’s autologout function and which I didn’t know about before.
I immediately checked it by accessing it directly in my browser with a link like this: https://subdomain.redacted.com/users/sign_out?back_url=https://evil.com
I was quite happy when I found out that I was redirected to https://evil.com.
After learning that it was an open redirect vulnerability, I tried to open it once again via the browser, but this time I intercepted the request with Burp Suite and sent it to Repeater to check whether I could chain this open redirect to other vulnerabilities, XSS for example.
But after trying several XSS payloads, HTML injection and others, I couldn’t increase the impact because some characters are filtered :)
What’s even sadder is that after I reported this vulnerability, it turned out my report was marked as a duplicate and I only got points :(
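On the defender side, the fix for a sign-out handler like the one above is to validate back_url before redirecting. The following is an added example, not code from the post or the program: the function name, the allowed host set and the sample inputs are my own assumptions, and the inputs are constructed to cover the usual ways an absolute URL can be smuggled past a naive "starts with /" check.

```python
from urllib.parse import urlsplit, urlunsplit

# Hosts the application is willing to send a user back to (constructed for this example).
ALLOWED_HOSTS = {"subdomain.redacted.com"}


def safe_back_url(back_url, allowed_hosts=ALLOWED_HOSTS, default="/"):
    """Return a redirect target that stays on the application's own origin.

    Anything that does not parse as either a same-origin https URL or a
    plain local path falls back to `default`, so an attacker-supplied
    back_url such as https://evil.com can never reach the Location header.
    """
    if not back_url:
        return default
    # Browsers treat a backslash like a forward slash, so "/\evil.com" is
    # really "//evil.com" (scheme-relative). Normalise before parsing.
    candidate = back_url.strip().replace("\\", "/")
    # Control characters (CR/LF, tabs) have no place in a redirect target.
    if any(ord(ch) < 0x20 for ch in candidate):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: only https to an allow-listed host.
        # parts.hostname ignores userinfo, so "https://good@evil.com" -> evil.com.
        if parts.scheme.lower() != "https" or parts.hostname is None:
            return default
        if parts.hostname not in allowed_hosts:
            return default
        return urlunsplit(("https", parts.netloc, parts.path or "/", parts.query, ""))
    # Relative target: must be a single leading slash, never "//".
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs; none of these come from the program in the post.
    for value in ["https://evil.com", "//evil.com", "/\\evil.com", "https:evil.com",
                  "https://subdomain.redacted.com@evil.com/", "javascript:alert(1)",
                  "/dashboard?tab=2", "https://subdomain.redacted.com/account?x=1"]:
        print(f"{value!r:45} -> {safe_back_url(value)!r}")
```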
Maybe that’s all I can share this time, hopefully in the future I can share other interesting things.
X: Ghee1337
Telegram channel: https://t.me/bugbounty_reference