1st Bug Bounty WriteUp: Open Redirect To XSS on Login Page

  • document.location.href='//t.co' is blocked.
  • Referring to it through string concatenation, let tt='documen';let yy='t';let uu='.locatio';let ii='n';let oo='.hre';let pp='f';let aa=tt+yy+uu+ii+oo+pp;a='//example.com';, doesn't work although it is valid code.
  • <tag> in the javascript: context is blocked.
  • let a='<tag';let b='>';c=a+b is not.
  • let bb='<svg onload=' is blocked because the onload event triggers the WAF.
  • let bb='<svg onload';let cc='=' is not.
  • (), `and let a='(';let b=')'` is blocked.
  • let a=')';let b='(' is not!
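
The observations above describe a pattern-based filter that split strings get past, so the more robust control sits on the redirect parameter itself. The following is an added example, not code from the original writeup or the affected site: a Node.js check that accepts only same-origin paths, so `javascript:` and `//host` values are rejected whatever they contain. `APP_ORIGIN`, `FALLBACK`, `SAMPLES`, `safeRedirectTarget` and `checkSamples` are assumed names.

```javascript
// Added example: structural validation of a post-login redirect parameter.
// APP_ORIGIN and FALLBACK are assumptions; set them for the real application.
const APP_ORIGIN = 'https://app.example';
const FALLBACK = '/';

// Returns a same-origin path that is safe to redirect to, or FALLBACK.
function safeRedirectTarget(raw) {
  if (typeof raw !== 'string' || raw.length === 0) return FALLBACK;

  // Browsers drop tab/CR/LF inside URLs and treat "\" like "/", so a value
  // such as "/\host" can leave the site. Reject these before parsing.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  // Only single-slash local paths are accepted. This rejects "//t.co"
  // (protocol-relative) and any scheme, including "javascript:".
  if (!raw.startsWith('/') || raw.startsWith('//')) return FALLBACK;

  let url;
  try {
    url = new URL(raw, APP_ORIGIN); // resolve against our own origin
  } catch {
    return FALLBACK;
  }
  // Final check on the parsed result, not on the raw string.
  if (url.origin !== APP_ORIGIN) return FALLBACK;

  // Rebuild from parsed components so only path, query and fragment survive.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs; the first two reuse forms quoted in the writeup.
const SAMPLES = [
  '//t.co',
  "javascript:let a='<tag';let b='>';c=a+b",
  'javascript:void(0)',
  '/\\t.co',
  '/account/settings?tab=security#keys',
];

// Returns [input, decision] pairs for the samples above.
function checkSamples() {
  return SAMPLES.map((s) => [s, safeRedirectTarget(s)]);
}

for (const [input, decision] of checkSamples()) {
  console.log(JSON.stringify(input), '->', decision);
}
```

Because the decision depends on the shape of the value and not on its content, splitting a payload into concatenated strings has no effect on the outcome.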

Nassim Chami


Security Researcher
