LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Multiple RXSS

4 months ago 51
BOOK THIS SPACE FOR AD
ARTICLE AD

Sushil Choudhary

Hello Everyone, I am back with another write-up…

For 2–3 weeks I am busy with my exams. After finishing the exam I back to hunting. I decided to hunt on VDP which has a broad scope because in that bug hunting is easy.

I chose a program which is recently launched and has so many scopes. I picked up one domain. let’s call it <>.com

At first, I added it burp crawler (professional burp) and started it. After minimizing it I started exploring the website and I found an admin panel CMS that was vulnerable I was happy but is Authenticated.

Then i jumped to my Burp and guess what i found Multiple Reflected Cross-site scripting. YEAH, IT’S TRAIGED TIME. Before I reported it I was afraid because most RXSS are out of scope. Then I read and it’s not out of scope.

I reported it and after 4 hours I got a response. AAAH AS I TOLD YOU IT’S TRAIGED TIME. My report was valid and got triaged.

POC: <>.com/project/someting/fileame.html</sCrIpT><sCrIpT>alert(1)</ScRiPt>

Read Entire Article
  3. Multiple RXSS

Related

Bounty Beginnings: My First Bug Discovery

Bounty Beginnings: My First Bug Discovery

Crypto bounty program got me $500 — Rate Limit Bypass

Crypto bounty program got me $500 — Rate Limit Bypass

IDN Bootcamp Bug Bounty : Langkah awal Menjadi Bug Hunter

IDN Bootcamp Bug Bounty : Langkah awal Menjadi Bug Hunter

JS-Snooper: Get More Bounty With Easy Bugs

JS-Snooper: Get More Bounty With Easy Bugs

Information gathering with OSINT

Information gathering with OSINT

24.9 Lab: H2.CL request smuggling | 2024

24.9 Lab: H2.CL request smuggling | 2024

Trending

1. Alamgir Alam
2. IFCI Share Price
3. Titan share price
4. PFC Share Price
5. Indegene IPO
6. Tnresults
7. Chelsea
8. Tejasvi Surya
9. Bernard Hill
10. Shreyas iyer

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved