.png)
1 month ago
25 BOOK THIS SPACE FOR AD
ARTICLE ADhi everyone i am back with another writeup,
lets start
actually its limited scope and its intigriti program.
it has only main domain in scope.
first, lets name it as domain name doordie.com
first step:
i collect the endpoints using Xnl reveal chrome extension.
then i start testing the each urls for sensitive or vulnerable
endpoints for xss. after hours of spending i was found one url
but when i go through that url its gives blank page.
that url looks like this:
“https://doordie.com/o/oauth2/redirect”
i tried open redirect not worked, then i tried xss not worked ,then i
was decided to go for hidden parameter fuzzing.
we all already know the Arjun tool, using this tool i was fuzz the hidden
parameters. But i was thinking no use of this. but suddenly it gives me
hidden parameter value “code”.
then i craft the url using the “code” parameter value with xss payload.
its looks like
payload:</script><script>alert(1)</script>
https://doordie.com/o/oauth2/redirect?code=1</script><script>alert(1)</script>
Bengali (Bangladesh) · 
English (United States) ·