The Story
BUCKLE UP YOUR SEAT BELT !!!
So, the story is from a few months ago. I was talking to my cousin, and as the conversation went on I asked about the company he works for, and after that something poked my mind to search for their company.
So I searched for it. It had a careers section with a search functionality. There I thought to enter some XSS payloads like the usual “<script>alert(1)</script>”, but nothing worked. As it had an input function, I added an input tag and guess what, an input box was shown. Then I was like
Then I added the full payload <input onmouseover=alert(1)> and it executed.
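The behaviour described above (the script payload fails, the input tag renders) is what a filter that only strips `<script>` produces. The following is an added example, not code from the site in the story: the site's real filter is unknown, so the blocklist in `renderWeak`, the page template and all function names are assumptions, shown beside the output-encoding fix.

```javascript
// Constructed inputs: the two payloads quoted in the writeup.
const PAYLOADS = [
  "<script>alert(1)</script>",
  "<input onmouseover=alert(1)>",
];

// Weak (assumed behaviour): strip only <script> tags, reflect the rest as raw HTML.
function renderWeak(query) {
  const stripped = query.replace(/<\/?script\b[^>]*>/gi, "");
  return `<p>Results for: ${stripped}</p>`;
}

// Hardened: encode every HTML metacharacter before placing the value
// into element content, so no tag or attribute can be formed.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}
function renderSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Regression check: does the reflected value contain a live tag
// once the template's own <p> wrapper is removed?
function reflectsMarkup(html) {
  const inner = html.replace(/^<p>Results for: /, "").replace(/<\/p>$/, "");
  return /<[a-z][^>]*>/i.test(inner);
}

// One row per payload: whether each renderer lets markup through.
function report() {
  return PAYLOADS.map((payload) => ({
    payload,
    weak: reflectsMarkup(renderWeak(payload)),
    safe: reflectsMarkup(renderSafe(payload)),
  }));
}

console.log(report());
```

The blocklist neutralises the first payload but not the second, which is why encoding on output is the fix rather than adding more tag names to the filter.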
The company is also running a vulnerability program, checked through HackerOne, so I reported it and received a confirmation mail from the company, but after that there was no response from them.
So, here is the end of the story; hope you like it. This is my first writeup.
Lessons learnt:
Always check recent submissions in the company.
Check if they have any hall of fame, because there are organizations which are running a VDP or BBP but never respond to your report or, in the worst case, internally fix the issue.
Thank you for reading..