How I caught multiple vulnerabilities in Udemy.com, but was not rewarded for a serious XSS vulnerability :(

Satyendra
Apr 5, 2018 · 3 min read

Hello,

This is Satyendra Shrivastava (Independent cybersecurity researcher)

Today I’m going to tell you the story of finding a bunch of bugs in udemy.com: XSS (DOM-based XSS), HTML injection, clickjacking and broken authentication on the homepage of udemy.com.

So let’s begin the story

One day I was in the computer lab of my college. All the students were studying their subjects as normal, and since I’m a security researcher I was busy with my own stuff, meaning hacking LOL! :)

Image for post

I was looking for some bugs in random websites, and suddenly I thought I needed to gain more knowledge about hacking. Then I started searching for hacking courses on the internet, and fortunately I landed on udemy.com and searched for a bWAPP training course, but there were no courses for me :(

And then suddenly I thought of testing for XSS, and I entered a simple JavaScript payload in the search bar -

<script>alert(XSS)</script>

Unfortunately, there was no response so far :(

After some time I tried one more JavaScript payload, that is -

<img src=1 onerror=alert(document.cookie)>

Image for post

BOOOOOMM!!!!!!

I got a popup with the cookie reflection

My friends and I were like this –

Image for post

And now I was not staying cool. I was so happy, and I continued to look for some more and tried an HTML injection code.

payload is —

<h1><marquee>Udemy has beeen hacked</marquee></h1>

Once again BOOOMM!!!

Image for post

That day my luck was like this –

Image for post

And then my curiosity level was at its peak :)

I needed some more, so once again I started fighting with udemy.com.

Once again, I got a click-jacking.

I tried one more time and got a broken authentication issue; it allows an attacker to brute force the coupon code field.

Now I was satisfied with that last vulnerability, and I finally reported all the bugs to Udemy.

But here my luck was not with me, because I got XSS as out of scope from the program. I was shocked.

And the broken authentication also got marked as a duplicate.

Image for post

But still, the remaining bugs (HTML injection, potential click-jacking) were triaged, so finally I’m happy.

Status — Fixed

Image for post
