Hello Friends, this is Pugazhenthi V. I am an ethical hacker and bug bounty hunter. This is actually my first blog post, so I don't want to waste your valuable time.
Bug hunters know that the bug bounty path is very hard. We face a lot of frustration and demotivation, but if we want to become successful hackers or bug hunters we have to overcome all of these obstacles.
My first bug is a stored cross-site scripting (XSS). Initially, I did not believe this page was vulnerable to an XSS attack.
First I selected the target and ran a Google dork against it (redact.com):
site:redact.com inurl:id=
This returned a limited set of results, and I visited every link. Some links were useless, but one looked vulnerable: the page had a comment section, and the user's comment was reflected back on the same page.
As soon as I saw that page, one thing came to mind: Sean's (zseano's) methodology. He advises not to spray XSS payloads but to start with a non-malicious probe such as <h1>test'.
So I injected the probe (<h1>test'</h1>), and the page sanitized the h1 tag. Then I injected <img src=x>, and a broken-image icon was rendered on the page, which showed that the img tag survived. Next I built the payload <img src=1 onerror=alert('1')>, but the page redirected to the Cloudflare XSS protection page. I also tried confirm() and prompt(); nothing popped.
After reviewing the source code, I was convinced that this page was vulnerable to a stored XSS attack. I went to Twitter and searched for XSS payloads that bypass Cloudflare protection, and I got some good results from there.
Payload:
<svg on onload=(alert)(document.domain)>
I injected this payload into the comment box and submitted it. Suddenly the alert box fired. The page was not properly sanitizing HTML tags: the filter caught the h1 tag and the img-with-onerror case but let an svg tag with an event handler through.
Finally, I reported it to the corresponding program and received recognition from them.
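To show from the defender's side why a filter like the one described above fails, here is an added example (not code from the original post or from the target site). It runs the four inputs from this write-up through a constructed blocklist-style filter, which stands in for the unknown real one, and through plain HTML escaping, and flags any output that still carries an inline event handler.

```javascript
// Constructed stand-in for a blocklist-style comment filter (assumption: the
// target's real filter is unknown). It strips <h1> tags and refuses a few
// well-known tags when they carry an inline on* handler. Anything outside the
// tag list, such as <svg>, is never examined, which is the weakness.
const BLOCKLIST = /<(img|script|iframe|body)\b[^>]*\son\w+\s*=/i;

function naiveSanitize(comment) {
  const stripped = comment.replace(/<\/?h1[^>]*>/gi, "");
  return BLOCKLIST.test(stripped) ? "[blocked]" : stripped;
}

// The fix: never render untrusted text as HTML. Encoding the five characters
// that can change HTML structure makes the browser display the comment as text.
function escapeHtml(comment) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return comment.replace(/[&<>"']/g, (c) => map[c]);
}

// Detection check for rendered output: a surviving tag with an on* attribute
// means the filter was bypassed and script can run when the page is viewed.
function containsEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed inputs, taken in order from the write-up above.
const samples = [
  "<h1>test'</h1>",
  "<img src=x>",
  "<img src=1 onerror=alert('1')>",
  "<svg on onload=(alert)(document.domain)>",
];

function runComparison() {
  return samples.map((s) => ({
    input: s,
    naive: naiveSanitize(s),
    naiveUnsafe: containsEventHandler(naiveSanitize(s)),
    escaped: escapeHtml(s),
    escapedUnsafe: containsEventHandler(escapeHtml(s)),
  }));
}

console.log(JSON.stringify(runComparison(), null, 2));
```

Only the fourth sample survives the blocklist with a live handler, while escaping leaves no executable markup in any of them.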
Thank you.