Story of Hall of Fame in Red Hat Linux

6 months ago 43

Hritom Bhattacharya

Hello! I’m an independent bug bounty hunter, or rather a newbie just starting with bug bounty.

I got an XSS in one of the subdomains of Red Hat, which was reflecting in the URL.

Let’s start hacking…

So, I used to check multiple XSS payloads in the URL, in URL parameters, or in the body.

So, while doing recon, I found an endpoint from the Wayback Machine, which was →

https://<subdomain>/CFIDE/wizards/common/_logintowizard.cfm?

I was simply trying XSS payloads at the end of the “?” and was trying to bypass. At that time I got a cool bypass and it clicked. The payload was →

"><%2Fscript><script>alert(document.cookie)<%2Fscript>

And hell yayhh! We got it!
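For defenders, here is why a payload of this shape fires and what stops it. This is an added example, not code from the original post or from Red Hat: `renderUnsafe`, `renderSafe` and the form markup are hypothetical, and it assumes the server percent-decodes the query string and reflects it into a quoted HTML attribute.

```javascript
// Constructed model of a page that reflects its query string (hypothetical markup).

// HTML-encode for element content and quoted-attribute contexts.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Assumed vulnerable behaviour: decode the query string, write it out raw.
// After decoding, "%2F" is "/", so "<%2Fscript>" becomes a real closing tag.
function renderUnsafe(rawQuery) {
  const decoded = decodeURIComponent(rawQuery);
  return '<form action="_logintowizard.cfm?' + decoded + '">';
}

// Hardened: decode once, then encode for the HTML context at output time.
// Encoding after decoding is what matters; a check on the raw string would
// never see "</script>" because it arrives percent-encoded.
function renderSafe(rawQuery) {
  let decoded;
  try {
    decoded = decodeURIComponent(rawQuery);
  } catch (e) {
    decoded = ''; // malformed percent-escape: reflect nothing
  }
  return '<form action="_logintowizard.cfm?' + encodeHtml(decoded) + '">';
}

// True if the rendered markup would create a script element.
function hasActiveMarkup(html) {
  return /<script\b/i.test(html);
}

// Payload string as given in the post.
const payload = '"><%2Fscript><script>alert(document.cookie)<%2Fscript>';

console.log('unsafe:', hasActiveMarkup(renderUnsafe(payload)));
console.log('safe:  ', hasActiveMarkup(renderSafe(payload)));
```

Marking session cookies `HttpOnly` additionally keeps them out of `document.cookie` if an injection like this is ever missed.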

Conclusion:

Enumeration and the possibilities are always endless. After that I got the Hall of Fame from Red Hat. Check it out below.

https://access.redhat.com/articles/66234
