A Story of Rs.10k Bounty within minutes
Hello everyone, I hope you guys are doing great in this quarantine. I decided to write a small blog post about a months-old bug of mine, please have a look.
So it was a normal day, no college, decided to hunt. Asked my friend if he had any program?
Got to know about a program. It's an Indian program, so I will keep it private (don't want to get sued by them :xD)
As usual, started with passive recon on GitHub, Trello, repl.it etc. (want to know more about these dorks? ping me on Twitter). Got a few results, but they were old and not worth reporting.
Now started active recon: did a subdomain scan, got a few, checked them for common bugs (XSS, CSRF, cache poisoning, XXE). No luck, my friend had already hunted on these.
Me:
So what's next? Never lose hope, right?
Decided to scan the target's Twitter page manually, hmm.
Saw they had launched a public discussion forum just an hour ago, something like
forum.target.com. It was not found by the subdomain scanner.
So as it was a fresh thing, decided to look for stored XSS.
Now in the discussion forum, entered a simple HTMLi payload <h1>hello</h1> and posted it.
Got a big hello, seems vulnerable to HTMLi.
Now gave my simple hover XSS payload to steal the cookie, like <a href="javascript:void(0)" onmouseover=javascript:alert(document.cookie)>X</a>
Hovered my mouse, got a popup. Yes!!!!
So I quickly logged in with a different account and hovered again as the victim; it showed the victim's cookie lol
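What the forum was missing is shown below as an added example (my own Node.js code, not the forum's or the author's): an allowlist HTML sanitizer that is applied to every post before it is rendered. It assumes a policy that permits only basic formatting tags and links with http(s), mailto or relative URLs; every other tag, every on* event-handler attribute and every javascript: URL is dropped. The test inputs, including the payload from the post, are constructed for the example. A maintained library such as DOMPurify does the same job more thoroughly; this version is kept small so the policy is readable.

```javascript
// Allowlist sanitizer for user-submitted forum HTML (added example, not the
// forum's own code). Everything not explicitly allowed is removed or escaped.

// Tags a post may keep, with the attributes allowed on each (assumed policy).
const ALLOWED = new Map([
  ['b', []], ['i', []], ['strong', []], ['em', []], ['p', []], ['br', []],
  ['code', []], ['pre', []], ['ul', []], ['ol', []], ['li', []],
  ['blockquote', []],
  ['a', ['href', 'title']],
]);

// href values must start with one of these; "javascript:" and "data:" never match.
const SAFE_URL = /^(?:https?:|mailto:|\/|#)/i;

// Escape text so it can never be interpreted as markup or break out of an attribute.
function escapeText(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Split a tag's attribute string into [name, value] pairs.
// Handles name="v", name='v', name=v (unquoted, as in the post's payload) and bare name.
function parseAttributes(raw) {
  const re = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const attrs = [];
  let m;
  while ((m = re.exec(raw)) !== null) {
    const value = m[2] !== undefined ? m[2] : m[3] !== undefined ? m[3] : m[4] !== undefined ? m[4] : '';
    attrs.push([m[1].toLowerCase(), value]);
  }
  return attrs;
}

// Rebuild the post from scratch: allowed tags are re-emitted in canonical form
// with only their allowed attributes; all other tags vanish; all text is escaped.
function sanitizeHtml(input) {
  // A tag ends at the first '>', so a '>' inside an attribute value simply
  // turns the remainder into escaped text (fails closed).
  const tagRe = /<\s*(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeText(input.slice(last, m.index));
    last = tagRe.lastIndex;
    const closing = m[1] === '/';
    const tag = m[2].toLowerCase();
    if (!ALLOWED.has(tag)) continue;            // <script>, <img>, <h1>, ... are dropped
    if (closing) { out += `</${tag}>`; continue; }
    const kept = [];
    for (const [name, value] of parseAttributes(m[3])) {
      if (!ALLOWED.get(tag).includes(name)) continue;                  // drops onmouseover etc.
      if (name === 'href' && !SAFE_URL.test(value.trim())) continue;   // drops javascript: URLs
      kept.push(` ${name}="${escapeText(value)}"`);
    }
    out += `<${tag}${kept.join('')}>`;
  }
  out += escapeText(input.slice(last));
  return out;
}

// Constructed inputs: the probe and the hover payload from the post, plus a benign link.
const probe = '<h1>hello</h1>';
const payload = '<a href="javascript:void(0)" onmouseover=javascript:alert(document.cookie)>X</a>';
const benign = '<a href="https://example.com" title="docs">hi</a>';
console.log(sanitizeHtml(probe));    // hello
console.log(sanitizeHtml(payload));  // <a>X</a>
console.log(sanitizeHtml(benign));   // <a href="https://example.com" title="docs">hi</a>
```

Run it with node; the probe renders as plain text, the hover payload collapses to a harmless <a>X</a>, and the legitimate link survives. Sanitize at render time rather than only at submission, so a policy change is applied to old posts too, and mark the session cookie HttpOnly so that even a sanitizer bypass cannot read it through document.cookie, which is exactly what the payload in this post relied on.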
Timeline:
Report sent
Got a reply
After a few days, the patch was confirmed
Bounty is low because it's an Indian company
Tip: don't always depend too much on automated tools
Let me know on Twitter if you all have any suggestions
Share and enjoy, will do a few more writeups soon :)