XSS Tricky Exploitation

Hello Hunters !

Greetings everyone! Today This is my first write-up about one of my best findings My first Bug Duplicate to p4 . It’s an XSS Which actually Tricky XSS.

Image 1(Duplicate Response)

Its all about private program which i can’t disclose name. As i am new learner before 2 month ago when i was testing on Site www.xyz.com i found XSSwhich can easily steal users cookie, Don’t worry i will explain everything.

I already sent 7 report security issue on www.xyz.com we will discuss about it in my next writeup! ]

How To Reproduce Attack:

  1. I visit www.xyz.com Now, i create a new account after everything setup i got confirmation mail regarding account setup.
  2. Now,I simply open confirmation mail now it redirect me to www.xyz.com/account/paywall/?redirect=%2Fsignup%2Fnew-user%2Fwelcome%2F%3Fskip_pw%3D1&is_signup=1

As Above i tried Open redirection

www.xyz.com/account/paywall/?redirect=https://google.com&is_signup=1

BOOM! It’s work now, problem is Redirection out of scope ! LoL

Now, I simply turn for finding XSSi simply used ‘“><img src=x onerror=alert(document.cookie);>

www.xyz.com/account/paywall/?redirect=aaaaa‘“><img src=x onerror=alert(document.cookie);>&is_signup=1

Now we have setup payload now i simply click “complete” button

BOOM! i got XSS , Now what i do i simply send this crafted link to my another id and when user click complete XSS execute Now, I can steal user cookies of www.xyz.com.

After 21 Days what i got i actually mentioned above it was duplicate And i Rewarded $xxx

By - PJBorah

Thank You For Reading ………….(Keep Hunting Keep Learning )

I am pallab jyotti borah From Assam ! I am Professionally VAPT Analyst as Part time Bugbounty hunter