Stealing login credentials with Reflected XSS

Hello Hackers,

This was my first bounty worth $100. I got really exited at the moment the email notification popped-up. Read this write-up to know how I got that bug.

Let’s name the website as I understood that how the application works. After understanding, I logged out of the application and tried to visit the paths that are only available to logged-in users. As soon as I hit the first path in my list, I was redirected to “/login?redirect_to=%2fsettings”.

And Open-redirect vulnerability clicked into my mind and I was successful to get a redirect to by visiting

and logging in to

Then, I tried to get XSS by visiting and got that alert popup.

Then I thought why not try to steal login credentials.

So I went for that after a good night sleep. I visited the link:

An Alert popped up for both email and password of victim

So the attack is like, attacker sends email to vicitm including the above URL with javascript such as to send credentials to attack server and the victim clicks the link and bOOOOm…

Written by

1) No System is Safe!, 2) Aim For The Impossible, 3) Have Fun In CyberSpace & MeatSpace

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store