LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

My Journey to Drugs Hall of Fame in just 10 minutes

9 hours ago 7
BOOK THIS SPACE FOR AD
ARTICLE AD

bugbounty_learners

Hi Everyone,

Hello guys👋👋 In this article, I’m going to talk about a How to bypass XSS filters and lead to Stored XSS bug I discovered on HackerOne bug bounty program which i m going to represent as redacted that allowed me to get Reward Hall of Fame.

Severity: HighPlatform: Hackerone Public Program @drugs_comGo to the https://www.question.com/Now find findout all input fieldsSearch barProfile page[publicly visible]Blog Posting fieldsCommand fields

3. Try to testing Search bar one and more hours but Search input is not vulnerabile.Next I’m go to the Big Input Box Ask a Question this time what you think

Now enter the normal XSS PayL0ad like <h1> clap my artical </h1> but still not working.

4. Start brut force using may payL0ad and I Foud Something(length)

5. Finally I found the payload

<iframe…
Read Entire Article
  3. My Journey to Drugs Hall of Fame in just 10 minutes

Related

Account Takeover: How I Gained Access to Any User Account Through a Simple Registration Flaw

Account Takeover: How I Gained Access to Any User Account Through a Simple Registration Flaw

Server-Side Request Forgery $(SSRF)$ allows internal ports scanning

Server-Side Request Forgery $(SSRF)$ allows internal ports scanning

Bypass Rate-Limit via X-Forwarded-For

Bypass Rate-Limit via X-Forwarded-For

SQL Injection: How I Secured Personal Information (PII) of 1.1M Job Seekers

SQL Injection: How I Secured Personal Information (PII) of 1.1M Job Seekers

Exposing a Data Leak Vulnerability: My Journey to Discovery

Exposing a Data Leak Vulnerability: My Journey to Discovery

Storm-1811’s Quick-Assist phishing could have been worse

Storm-1811’s Quick-Assist phishing could have been worse

Trending

1. Venezuela vs Brazil
2. Belgium vs Italy
3. Greece vs England
4. France vs Israel
5. West Indies vs England
6. Kanguva Review Telugu
7. Gurpurab 2024
8. Today
9. Guru Nanak Jayanti 2024
10. Bihar Police Result 2024

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved