Open redirect from an empty page

Bar_0_0_n
Jul 3, 2024

In the name of Allah, the Most Gracious, the Most Merciful

When I was working on a target (let’s say it’s site.com), in the enumeration step I collected the subdomains of the target. After that, I like to choose some random subdomains to see what they look like, to try to understand the target further. I found a subdomain called “my.site.com”, and when I opened it I found a completely white page.

When I found an empty (completely white) page, the first thing I thought was that this page was most likely under construction, which means that the developers are still testing things on it, and that means it may contain something interesting.

So the first thing I tried was to run dirsearch on this page, and I found this endpoint: “my.site.com/logoff.html”

And that is what it looks like:

Doesn’t look promising, does it?

But I learned something: always look at the source code, as it may hide some valuable information.

And that is what was hiding in the source code:

This JavaScript simply waits for 3 parameter values from the user: “a”, “b” and “c”.

Parameter “a” holds a URL; “b” and “c” hold parameters for this URL.

Then the page redirects the user to the new URL using: window.location = d, true;

After seeing this, I tried this:

my.site.com/logoff.html?a=http://google.com&b=blahblah

And boom!! It redirected me to google.com.

What I learned here is that reading JS files is extremely useful, and whenever you see an empty page, don’t just leave it; give it a little FUZZING.
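On the fixing side, the redirect described above can check parameter “a” against an allowlist of origins before navigating. This is an added example, not the site's code or part of the original write-up: the function names, ALLOWED_ORIGINS, FALLBACK, and the way “b” and “c” are appended are all assumptions, since the page's script is not reproduced here.

```javascript
// Hypothetical names and values, chosen for this added example.
const ALLOWED_ORIGINS = new Set(["https://my.site.com", "https://site.com"]);
const FALLBACK = "https://my.site.com/";

// Unvalidated pattern as the post describes it (assumed layout): "a" is the
// destination, "b" and "c" are appended, and nothing checks where "a" points.
function unsafeTarget(search) {
  const p = new URLSearchParams(search);
  return p.get("a") + "?b=" + p.get("b") + "&c=" + p.get("c");
}

// Hardened form: parse "a" the way the browser would, then compare the
// parsed origin exactly against the allowlist.
function safeTarget(search, pageUrl = FALLBACK) {
  const p = new URLSearchParams(search);
  const raw = p.get("a");
  if (!raw) return FALLBACK;

  let url;
  try {
    // Relative values ("/account") resolve against the current page;
    // "//host" and "/\host" resolve to another host and are caught below.
    url = new URL(raw, pageUrl);
  } catch {
    return FALLBACK; // unparseable input never reaches window.location
  }

  // Exact origin match rejects other hosts, look-alike hosts,
  // "user@host" tricks, and non-http schemes (their origin is "null").
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK;

  // Forward "b" and "c" as encoded query values, not by string concatenation.
  for (const key of ["b", "c"]) {
    if (p.has(key)) url.searchParams.set(key, p.get(key));
  }
  return url.href;
}

// In the page itself this would be used as:
//   window.location.assign(safeTarget(window.location.search, window.location.href));
```

Comparing the parsed origin, not a prefix or substring of the raw string, is what keeps values such as https://site.com.example.net/ from passing the check.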

Thank you all❤❤ and wish more bugs for me😂