How I broke Envato Search field

SerHack
Oct 7, 2017 · 1 min read

TLDR

Envato devs didn’t develop a strong firewall to avoid any XSS attack, and I noticed that I could perform an XSS injection. I contacted Envato and, after some investigation, they discovered that my vulnerabilities were critical! They fixed them within 5 business days. Good job, Envato team!

How everything started

First of all, I am an Envato Author; I have been selling my items since August. Envato currently has over 1 million customers and 41 million products sold. I am a web developer and a security researcher. I think security must be a priority for a company like Envato.

Out of curiosity, I started to “break” it in order to find some vulnerabilities. Of course, before “hacking”, I read the Bug Bounty program on Envato. It’s a must for every security researcher … [..]


For more information, this article continues here

Written by

SerHack

Developer at serhack.me
