Blind XSS to Full Control of Forum worth $$$

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Hello guys! My name is Tuhin Bose (@tuhin1729). I am currently working as a Chief Technology Officer at Virtual Cyber Labs. In this write-up, I am going to share one of my Blind XSS findings which helped me to earn $$$.

So without wasting time, let’s start:

tuhin1729Introduction:

While enumerating subdomains, I came across an interesting subdomain let’s say community.redacted.com. Basically, it’s a kind of a forum where users of redacted.com can post their queries and comment to others’ queries also. But for publishing comments, it needs approval from admins of redacted.com.

tuhin1729

After testing for IDOR, SQLi and other vulnerabilites, I decided to try Blind XSS there.

What is Blind XSS?

Blind Cross-Site Scripting vulnerabilities occur when the attacker input is saved by the web server and executed as a malicious script in another part of the application or in another application. For example, an attacker injects a malicious payload into a contact/feedback page and when the administrator of the application is reviewing the feedback entries the attacker’s payload will be loaded. The attacker input

Read the article