This is my first and last Bug Bounty Writeup this year. 😀
I am sharing with you my latest XSS finding, which I found 2 weeks ago.
This was the fastest, and a bit unusual, flow compared to what I normally do when I search for XSS.
So let’s dive in…
name a param that was vulnerable to Reflected XSS injection.
/profile in all JS files to check for another vulnerable param, but found another endpoint:
qwe'"<X</ to the ID param and started to check if anything is reflected somewhere in the webpage's source code.
alert function with a custom parameter
% sign to craft an encoded payload in order to add custom parameters to the AJAX URL.
%26 to & and
%23 to #. Everything that is behind the # (hash) symbol is ignored by the browser. The final AJAX call looked like this:
1337. This confirmed the existence of the DOM XSS vulnerability, and I received a $350 bounty, with an additional $50 for a retest of an old report.
Thanks for reading!
P.S.S. Stay tuned for updates and don’t forget to subscribe at least somewhere so you won’t miss any info regarding the book.
Happy Holidays & Happy New Year!