Redstorm Denial Of Service — Write Up

Zerb0a
Jun 11

Hi everyone, today I'm going to write about a bug I found 2 months ago (resolved now). This vulnerability was found on Redstorm.io (a bug bounty platform). Btw, Redstorm is an Indonesian bug bounty platform.

I found this bug while searching for an XSS on redstorm.io. I tried to input an XSS payload but it did not fire ;v. I got a 503 Gateway Error after that.

Reproduce:

  1. I go to Program > Submit a Report.
  2. In the description I put:
    [Click](javascript:confirm('1'))
  3. Submit the report.
  4. Now you can't visit the submission page (because it's displaying a 503 Gateway Error).

Before I reported it, I was not sure about this one. But after I created a submission and waited for a week, they said:
(Translated from Indonesian)
“Hi Zerboa,
After we checked the submission in question, there was an error when the submission (“Secon”) was sent yesterday, such that the submission could not be seen on our side, and this caused a timeout on the researcher's side.
After that we reported it to the technical team, and after the fix it is known that the problem was in the filtering of the XSS itself.
Now it has been fixed by replacing it with a “-” character when it reads an error.

Therefore, we consider this submission P4 unless it can be further proven in a way that would increase the severity.
You are also entitled to a T-shirt and will be notified by email with the details.”
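
The fix described in the reply (replace the input with "-" when the filter errors, instead of letting the error take down the page) can be sketched as follows. This is an added example, not the platform's code: the function names, the scheme allowlist and the link regex are assumptions, and the sample inputs are constructed.

```javascript
// Hypothetical renderer for Markdown links in a report description.
// A link whose URL fails validation is replaced with "-" so that one bad
// submission cannot make the whole page fail to render.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// [text](url) with one level of nested parentheses in the URL, which is
// what a value such as javascript:confirm('1') needs in order to match.
const LINK_RE = /\[([^\]\n]*)\]\(((?:[^()\s]|\([^()\s]*\))*)\)/g;

function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Returns a normalized absolute URL, or throws for anything not allowlisted.
function safeHref(raw) {
  const url = new URL(raw); // throws TypeError on relative or malformed input
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    throw new Error("blocked scheme: " + url.protocol);
  }
  return url.href;
}

function renderDescription(markdown) {
  let out = "";
  let last = 0;
  for (const m of markdown.matchAll(LINK_RE)) {
    out += escapeHtml(markdown.slice(last, m.index));
    try {
      const href = escapeHtml(safeHref(m[2]));
      out += `<a href="${href}" rel="noopener noreferrer">${escapeHtml(m[1])}</a>`;
    } catch (err) {
      out += "-"; // contain the error to this one link and keep rendering
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(markdown.slice(last));
}

// Constructed inputs: the description from the reproduction steps, then a benign link.
console.log(renderDescription("[Click](javascript:confirm('1'))"));
console.log(renderDescription("see [docs](https://example.com/a) <b>"));
```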

Reward: (P4) Swag :D

Thanks to everyone who read my story, have a nice day :D

Zerb0a


Blog: https://raflipasya19.blogspot.com