.png)
3 years ago
648 BOOK THIS SPACE FOR AD
ARTICLE ADHello guys! My name is Tuhin Bose (@tuhin1729). I am currently working as a Chief Technology Officer at Virtual Cyber Labs. In this write-up, I am going to share my experience of hacking Dutch Government. If you want any help, you can connect with me on Instagram: @tuhin1729
So without wasting time, let’s start:
At first, I was so confused because there are more than 1000 domains within the scope. But later I took a domain randomly from the list and started hunting on it. After 2–3 days of hunting, I started testing on https://rijkswaterstaat.archiefweb.eu/
In my initial recon process, I came across a parameter subsite. I quickly checked XSS there using a simple payload: “><script>alert(document.domain)</script>
And guess what! The payload was executed successfully.
I quickly made a proof of concept and reported it to them. After a month, I got a reply from them:
Timeline:
15/10/20 — Reported Vulnerability
16/10/20 — Confirmed the vulnerability and informed the
organization.
03/12/20 — Resolved
04/12/20 — Got appreciation as Dutch Government T-shirt
04/01/21 — T-shirt delivered to my home
Later, I got more than 10 T-shirts from them and it was really a nice experience :)
If you want to learn bug bounty, you can ping me on Instagram: @tuhin1729
If you want to learn hacking you can enroll to our course: https://virtualcyberlabs.com
Thanks for reading. I hope you enjoyed this blog.
Bengali (Bangladesh) · 
English (United States) ·