How I Got Paid for an Out-of-Scope Vulnerability

2 weeks ago 19

A Mysterious Blind XSS

Abdul Rehman Parkar

Hello fellow researchers, my name is Abdul Rehman Parkar, and I work at IZYITS.

Today, I’m going to share a fascinating story about a Mysterious Blind XSS vulnerability. In this case, the XSS payload was delivered to the vulnerable domain’s internal application without injecting it directly into any of their services. Surprisingly, what initially seemed like a blind XSS turned out to be a reflected XSS, exposing an unexpected attack surface in their system. Let’s dive into the details!

I don’t want to disclose the name of any domain, so wherever I was testing, I’ll refer to it as target.com, and where the payload was executed, I’ll refer to it as vulnerable.com.

One day, I thought, let’s test for a blind XSS vulnerability. To test for this vulnerability, I shortlisted 4 to 5 targets and started submitting the blind XSS payload in each of their submit parameters. After that, I stopped testing and began testing for other vulnerabilities. Almost a week later, the blind XSS triggered, and I received an email notification.
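The mechanism behind a blind XSS like the one described above is that a public form stores attacker-controlled text and a separate internal application later renders it without output encoding. The following is an added example, not code from the author or from any of the targets; it uses a constructed submission record and a harmless marker string to show the unsafe rendering next to the encoded version, plus a simple check a defender could run over stored submissions to flag markup before it ever reaches an internal dashboard.

```python
import html

# Constructed sample of stored form submissions, as an internal review panel
# might read them back from a database. The second record carries a harmless
# marker tag rather than any real callback payload.
SUBMISSIONS = [
    {"name": "Alice", "message": "Thanks for the quick reply"},
    {"name": "<script>alert('xss-marker')</script>", "message": "hello"},
]

# Substrings that indicate a submission contains active HTML content.
# This is a heuristic for triage, not a complete XSS filter.
SUSPECT_MARKERS = ("<script", "onerror=", "onload=", "javascript:")


def render_unsafe(row):
    # 'Before': untrusted fields are concatenated straight into HTML.
    # An internal dashboard built this way executes whatever the public
    # form collected, which is exactly how a blind XSS fires days later.
    return f"<tr><td>{row['name']}</td><td>{row['message']}</td></tr>"


def render_safe(row):
    # 'After': every untrusted field is HTML-entity-encoded at the point it
    # is placed into an HTML text node. quote=True also encodes ' and ",
    # which matters if the same value is ever reused inside an attribute.
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(row["name"], quote=True),
        html.escape(row["message"], quote=True),
    )


def flag_submission(row):
    # Detection: return the suspicious markers found anywhere in the
    # submission so the record can be logged and reviewed before an
    # internal user opens it in a browser.
    lowered = " ".join(str(v) for v in row.values()).lower()
    return [m for m in SUSPECT_MARKERS if m in lowered]


if __name__ == "__main__":
    for row in SUBMISSIONS:
        print("flags:", flag_submission(row))
        print("unsafe:", render_unsafe(row))
        print("safe:  ", render_safe(row))
```

The unsafe renderer emits the `<script>` tag verbatim, so a browser loading that internal page would run it; the safe renderer turns it into inert text. The flagging helper is deliberately simple: its purpose is to show where a defender can observe the payload (at storage time) long before it reaches the internal application where the author saw it execute.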

Then I went to the XSSHunter Truffle Security portal and saw that the blind XSS had executed, revealing the cookie, domain name, and other details of the…
