LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Tokopedia HTML Injection

1 year ago 89
BOOK THIS SPACE FOR AD
ARTICLE AD

Tokopedia HTML Injection

Halo teman teman perkenalkan nama saya Mohammad Alfin Hidayatullah, Saya ingin membagikan write up tentang bug yang saya temukan di Tokopedia.

Saya menemukan bug HTML Injection di aplikasi Tokopedia dengan tidak sengaja karena saya pikir biasanya aplikasi sudah memiliki filter HTML tag.

Hasil post

Saya mencoba memasukan tag HTML <font color=x> dan ternyata berhasil saat saya lihat post feed yang saya buat. Saya mencoba untuk melihat beberapa feed lain apakah memang ada yang menggunakan HTML tag untuk membuat post. Dan ternyata tidak ada yang menggunakan HTML tag untuk membuat post.

Setelah itu saya yakin bahwa ini adalah bug HTML Injection, Saya dengan senang hati langsung melaporkan bug ini ke bounty.tokopedia.net

Mungkin hanya ini yang dapat saya bagikan pada teman teman, Terimakasih telah membaca cerita yang saya tulis ini.

Status:

01 desember - Report

23 januari - Fixed

24 januari - Bounty (Tokopedia Voucher And Hall Of Fame)

Read Entire Article
  3. Tokopedia HTML Injection

Related

Unraveling the Web of Price Manipulation Safeguarding Fairness in Markets

Unraveling the Web of Price Manipulation Safeguarding Fairness in Markets

Unveiling Order Processing Vulnerabilities Protecting Your Business in the Digital Era

Unveiling Order Processing Vulnerabilities Protecting Your Business in the Digital Era

5 bugs in one program $$$

5 bugs in one program $$$

Multiple Business Logic Errors in APPLE music/TV allowing bypass of parental controls

Multiple Business Logic Errors in APPLE music/TV allowing bypass of parental controls

Gaining Control: How Response Manipulation Leads to Higher Privileges (PoC)

Gaining Control: How Response Manipulation Leads to Higher Privileges (PoC)

A Arte de Explorar SQL Injection: Uma abordagem profunda

A Arte de Explorar SQL Injection: Uma abordagem profunda

Trending

1. Chelsea
2. Panchayat
3. Man United vs Newcastle
4. Harshal Patel
5. Dhruv Jurel
6. Slovakia
7. RBSE 10th Result 2024
8. Madhavi Raje
9. Arsenal
10. Ilya Sutskever OpenAI

Popular

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

SketchUp Pro 2020 v20.2.172 (x64) Multilingual + Patch

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved