I was just going about my day and watched a video about amazing website portfolios of some developers. Then I remembered that my friend has a nice website which has a CLI-type design where we input a command and it returns an output.
It has a bunch of commands which tell us some stuff about him, his certificates, projects etc. But immediately a thought came into my mind: if we can enter anything, surely this website has some vulnerabilities.
So I immediately tried to exploit it using XSS, first checking if it is exploitable by a simple XSS script. Gladly, it didn’t work.
<script>alert('1')</script> #did not work
But what I noticed is that it's not returning anything when I put the script, but if I put anything else it's returning it completely. I think there might be a blacklist or something in place which does not allow the <script> tag.
Then I thought let's try to use other tags like and after trying a few I got the one that worked
1. <sCrIpt>alert(1)</ScRipt> #did not work
2. <ScrIPt>alert(1)</ScRipT> #did not work
3. <img src="1" onerror="prompt('Enter your credentials:', '');"> //worked
The <img> tag worked and the website asked for my credentials which the website doesn’t do.
This was it. I will mention the link to the website after the bug is fixed. If you have any suggestions please tell me, and thanks for reading.
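Why the `<img>` input got through while the `<script>` ones did not, and what the fix looks like, as an added example that is not the website's code: `blacklistFilter` is a hypothetical stand-in for the blacklist the post guesses at, and `escapeHtml`, `containsLiveMarkup` and `compare` are names chosen here. It runs the post's inputs through both the blacklist and HTML output encoding.

```javascript
// Hypothetical stand-in for the filter the post guesses at: drop any input
// that contains a <script tag, in any letter case, and echo everything else.
function blacklistFilter(input) {
  return /<\s*\/?\s*script/i.test(input) ? '' : input;
}

// Output encoding: every character that is significant in HTML becomes an
// entity, so the browser renders the command as text whatever tag it holds.
function escapeHtml(input) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(input).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// True if the string would still open an HTML element when written to the page as markup.
function containsLiveMarkup(html) {
  return /<[a-zA-Z!\/]/.test(html);
}

// Inputs taken from the post.
const payloads = [
  "<script>alert('1')</script>",
  '<sCrIpt>alert(1)</ScRipt>',
  `<img src="1" onerror="prompt('Enter your credentials:', '');">`,
];

// For each input, report whether live markup survives each defence.
function compare(inputs) {
  return inputs.map((input) => ({
    input,
    blacklistLive: containsLiveMarkup(blacklistFilter(input)),
    escapedLive: containsLiveMarkup(escapeHtml(input)),
  }));
}

for (const row of compare(payloads)) {
  console.log(row.blacklistLive ? 'blacklist: LIVE ' : 'blacklist: inert', '|',
              row.escapedLive ? 'escaped: LIVE ' : 'escaped: inert', '|', row.input);
}
```

In the browser, writing the echoed command with `textContent` instead of `innerHTML` has the same effect as `escapeHtml`, because the input is never parsed as markup.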