XSS Tricky Exploitation

Hello Hunters!

Greetings everyone! This is my first write-up, about one of my best findings: my first bug, a P4 duplicate. It's an XSS, and actually a tricky XSS.

Image 1 (Duplicate Response)

It's all about a private program whose name I can't disclose. I am a new learner; two months ago, when I was testing the site www.xyz.com, I found an XSS which can easily steal users' cookies. Don't worry, I will explain everything.

I have already sent 7 security issue reports on www.xyz.com; we will discuss them in my next write-up!

How To Reproduce Attack:

As above, I tried open redirection.

BOOM! It works. Now the problem is that redirection is out of scope! LoL

Now I simply turned to finding XSS. I simply used '"><img src=x onerror=alert(document.cookie);>

www.xyz.com/account/paywall/?redirect=aaaaa'"><img src=x onerror=alert(document.cookie);>&is_signup=1

Now that the payload is set up, I simply click the “complete” button.

BOOM! I got XSS. Now what I do is simply send this crafted link to my other ID, and when the user clicks complete, the XSS executes. Now I can steal user cookies of www.xyz.com.
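One way the server could handle the redirect parameter from the link above so that it serves neither the open redirect nor the XSS, as an added example that is not part of the original write-up or the program's code. It assumes the value is reflected into an HTML attribute (the page does not show the markup); the function names, the hidden-input markup and the /account/ fallback are hypothetical.

```javascript
// Added example: hardened handling of the `redirect` parameter from the write-up.
// BASE is the placeholder host used on the page; all names here are hypothetical.
const BASE = "https://www.xyz.com";
const FALLBACK = "/account/"; // assumed safe landing page

// Encode the characters that can end a quoted attribute or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Allow only same-origin, path-only targets; everything else gets FALLBACK.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return FALLBACK;
  // Control characters, backslashes (parsed like "/" by browsers) and markup characters.
  if (/[\u0000-\u001f\u007f\\<>"'`]/.test(raw)) return FALLBACK;
  // One leading slash only: rejects "//host", "https://host" and "javascript:".
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let url;
  try { url = new URL(raw, BASE); } catch { return FALLBACK; }
  return url.origin === BASE ? url.pathname + url.search : FALLBACK;
}

// Read `redirect` the way a server-side query parser would.
function redirectParam(requestUrl) {
  return new URL(requestUrl, BASE).searchParams.get("redirect");
}

// Vulnerable pattern (assumed): the raw value is pasted into an attribute.
function renderVulnerable(redirect) {
  return `<input type="hidden" name="redirect" value="${redirect}">`;
}

// Hardened: validate the target first, then encode for the attribute context.
function renderHardened(redirect) {
  return `<input type="hidden" name="redirect" value="${escapeHtml(safeRedirectTarget(redirect))}">`;
}

// Constructed request, modelled on the link in the write-up.
const sample = `/account/paywall/?redirect=aaaaa'"><img src=x onerror=alert(document.cookie);>&is_signup=1`;
console.log(renderVulnerable(redirectParam(sample))); // markup breaks out of the attribute
console.log(renderHardened(redirectParam(sample)));   // value="/account/"
console.log(renderHardened("/account/billing?plan=pro"));
```

Marking session cookies HttpOnly additionally keeps script from reading them through document.cookie, which limits what an XSS like this one can take.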

After 21 days, what I got is what I mentioned above: it was a duplicate, and I was rewarded $xxx.

By - PJBorah

Thank you for reading! (Keep hunting, keep learning)