Redstorm Denial Of Service — Write Up

Zerb0a
Jun 11, 2019 · 2 min read

Hi everyone, today I'm going to write about a bug I found 2 months ago (resolved now). This vulnerability was found on Redstorm.io (a bug bounty platform). Btw, Redstorm is an Indonesian bug bounty platform.

I found this bug while searching for an XSS on redstorm.io. I tried to input an XSS payload but it did not fire ;v. I got a 503 Gateway Error after that.

Reproduce :

  1. I go to Program > Submit a Report.
  2. In the description I put:
    [Click](javascript:confirm('1'))
  3. Submit the report.
  4. Now you can't visit the submission page (because it's displaying a 503 Gateway Error).

Before I reported it I was not sure about this one. But after I created a submission and waited for a week, they said:
(Translated from Indonesian)
“Hi Zerboa,
After we checked the submission in question, there was an error when the submission (“Secon”) was sent yesterday, so the submission could not be seen on our side, and this caused a timeout on the researcher's side.
After that we reported it to the technical team, and after fixing it, it is known that the problem was in the filtering of the XSS itself.
Now it has been fixed by replacing it with a “-” character when it reads an error.

Therefore, we consider this submission P4 unless it can be further proven which will make the severity increase.
You also have the right to get a T-shirt and will be notified by email for details.”
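
The reply above says the XSS filter itself failed on this input and that the fix substitutes "-" when the filter hits an error. The sketch below is an added example of that fail-closed behaviour, not Redstorm's code or the author's; the scheme allowlist, the function names and the use of Python's `urllib` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: allowlist for this example
PLACEHOLDER = "-"                              # replacement character named in the reply
LINK_START = re.compile(r"\[([^\]\n]*)\]\(")   # matches "[label]("

def _find_close(text, start):
    """Index of the ')' that closes the '(' preceding `start`, or -1 if unbalanced."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return i
    return -1

def _is_allowed(url):
    # Drop whitespace/control characters so "java\tscript:" is read as one scheme.
    cleaned = re.sub(r"[\x00-\x20]", "", url)
    return urlsplit(cleaned).scheme.lower() in ALLOWED_SCHEMES

def sanitize_links(markdown):
    """Replace every Markdown link whose target is not allowlisted with PLACEHOLDER."""
    out, pos = [], 0
    while True:
        m = LINK_START.search(markdown, pos)
        if not m:
            out.append(markdown[pos:])
            return "".join(out)
        end = _find_close(markdown, m.end())
        if end == -1:            # no closing ')': not a link, keep as literal text
            out.append(markdown[pos:m.end()])
            pos = m.end()
            continue
        try:
            ok = _is_allowed(markdown[m.end():end])
        except ValueError:       # urlsplit raises on targets such as "http://["
            ok = False           # fail closed rather than turn the error into a 5xx
        out.append(markdown[pos:m.start()])
        out.append(markdown[m.start():end + 1] if ok else PLACEHOLDER)
        pos = end + 1

if __name__ == "__main__":
    # Constructed inputs: the payload from the reproduction steps and a malformed URL.
    for sample in ["[Click](javascript:confirm('1'))", "[x](http://[)",
                   "see [docs](https://example.com/a_(b)) now"]:
        print(repr(sample), "->", repr(sanitize_links(sample)))
```

The second sample is the case that matters for availability: the URL parser throws on it, and the handler maps that exception to the placeholder so a stored report can never make its own page unrenderable.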

Reward : (P4) Swag :D

Thx to everyone who read my story, have a nice day :D
