Skip to main content

How i found Stored xss on your-domain.redacted.com

Hay,

Today i am going to show how i found XSS on site your-domain.redacted.com who provide Help Desk & Live Chat Software.


Now in the signup page i am trying to create a account with the payload in Full name but it showing error "Invalid name on name"
Signup page

then i filled it with my name and i finished signup. It redirect me to https://your-domain.redacted.com/agent/index.php#GettingStarted;

Without checking other staffs i go to Edit profile 

Setting page after signup

and here i can able add XSS Payload in Name field also in Alias field ( image bellow )

Setting Page

After save this Setting when i back to my Dashboard nothing happen i mean no PopUp

Profile after added payload, No XSS
 Then i am start looking into source code what actually happening.After scrolling source code suddenly my eyes stuck into a JS code

before bypass
Oh boy! </script> blocking the <script> here so again i get my ass back into Edit Setting then i filled Name with xss payload

Payload: </script><script>alert(document.domain);</script>

 Then i save it, and back to my Dashboard and tada! XSS Executing success.

XSS Popup

After added new payload

I start dancing like this 😂😂
Status:
------------------
30-09-2018 - Reported to the team
 02-10-2018 - Issue Resolved  ( No Bounty No HoF 😂 )

Comments

Popular posts from this blog

How i found web shell on AntiHack.me and Awarded Gold Coin And SWAG

Hay guys,

How i found Web Shell on AntiHack.me and Awarded Gold Coin And SWAG


It's a short Write up

While i am recon AntiHack.me using Virustotal.com i notice a thing in URLs Like bellow image:


Shell Name: Mysql interface v1.0.php
URL: https://www.antihack.me/public/kyc/webshell/php/PHPshell/Mysql%20interface%20v1.0/Mysql%20interface%20v1.0.php

Then i visit to the URL and it redirect to me 404 Error Page, When the URL redirect me to 404 Error Page i can able to seen that page and then it redirect me to 404 Error Page. So, it's possible to visit URL using intercept the request, Then i intercept the request and i can able to view the shell page then i report to AntiHack.me They offer me Gold Coin And SWAG.

Reward:


Thank you



How i found open redirect and rewarded 0$

Hay,

Today i am going to show you How i found open redirect and rewarded 0$ LoL 😆😆

Let's start

Target:  https://redacted.com

I am start finding subdomain using Sublist3r  then i found https://subdomain.redacted.com
And i thought that let's find Open Redirect today.

Then i just add a payload https://subdomain.redacted.com/http://evil.com like this but it not redirect to http://evil.com 😑 then again i start with like https://subdomain.redacted.com///evil.com nah again i failed 😑



after failed 2nd time i thought , let's try it again and it's the last time if i failed i will give up with this shit.

then i come up with https://subdomain.redacted.com/http:/evil.com this and tada! Redirect Success 😌😌

Payload: http:/evil.com
Final URL with payload: https://subdomain.redacted.com/http:/evil.com


Thanks for reading 😉