1st Bug Bounty WriteUp: Open Redirect To XSS on Login Page

  • document.location.href='//t.co' is blocked.
  • Referring to the same property through string concatenation, let tt='documen';let yy='t';let uu='.locatio';let ii='n';let oo='.hre';let pp='f';let aa=tt+yy+uu+ii+oo+pp;a='//example.com';, doesn't work although it's valid code.
  • <tag> in the javascript: context is blocked.
  • let a='<tag';let b='>';c=a+b is not.
  • let bb='<svg onload=' is blocked because the onload event triggers the WAF.
  • let bb='<svg onload';let cc='=' is not.
  • (), ` and let a='(';let b=')' are blocked.
  • let a=')';let b='(' is not!
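
Added example, not code from the original write-up: the list above shows a token filter passing the split forms of strings it blocks whole, so the durable fix for the redirect parameter is to validate the parsed target rather than its text. The origin https://app.example, the BLOCKED patterns (a constructed approximation of the filter behaviour listed above) and both function names are assumptions.

```javascript
// Placeholder origin for the site that owns the login page (assumption).
const ORIGIN = 'https://app.example';

// Constructed approximation of the token filter described in the list above.
const BLOCKED = [
  /document\.location\.href/i, // literal property path
  /<\w+>/,                     // complete <tag>
  /onload\s*=/i,               // event handler followed by "="
  /\([\s\S]*\)/,               // "(" followed later by ")"
  /`/,                         // backtick
];

// Token filtering: true means the filter lets the input through.
function blocklistAllows(input) {
  return !BLOCKED.some((re) => re.test(input));
}

// Allow-list validation: parse the redirect value relative to our origin and
// accept it only if it still resolves to that origin. javascript: URLs have
// the opaque origin "null" and //host values resolve to another origin, so
// both fall back to "/".
function safeRedirect(raw) {
  let url;
  try {
    url = new URL(raw, ORIGIN);
  } catch {
    return '/';
  }
  if (url.origin !== ORIGIN) return '/';
  return url.pathname + url.search + url.hash;
}

// Sample inputs taken from the list above, plus one legitimate path (constructed).
const samples = [
  "document.location.href='//t.co'",
  "javascript:let a='<tag';let b='>';c=a+b",
  "javascript:let bb='<svg onload';let cc='='",
  '//t.co',
  '/account?tab=1',
];
for (const s of samples) {
  console.log(JSON.stringify(s), 'filter passes:', blocklistAllows(s),
    '| redirect ->', safeRedirect(s));
}
```

The filter passes every split form from the list, while safeRedirect returns "/" for all of them and keeps only the same-origin path.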
