My First 0day Exploit (Reflected XSS) #BUGBOUNTY

Hi guys!

Steps:

  1. When I went to https://xxx.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=0 , saw this code block:

2. Then I thought about which characters I could use. So, I went to: https://xxx.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=”’<>/();

Then I saw I could not use </script><img src=v onerror=alert(1)> for get xss. I thought I will not bypass it, but maybe I can add javascript. So, I can get xss. After researching javascript for a while, I created the required block of code:

); alert(document.domain); if (1

When I go to https://xxx.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=); alert(document.domain); if (1 , I saw the xss alert ;)

Some popular companies are using this script. Example;

  • Shopify
  • Canva
  • Yelp
  • Western Union
  • Cuvva etc

And reported developer’s bug bounty program. Then, this’s fixed.

If you want to get more notifications about my works, that’s my Twitter account.

https://twitter.com/alicanact60