Hello Fellow Hackers!

I am sitting in my room for last 3 days due to corona virus outbreak world wide and feeling really bored . So I thought why not do a write-up what I promised really long ago 🤭. Few months back in My Tweet I shared a way to bypass XSS WAF & Character limitation what I found on a private bug bounty site. Today I will share more technical details about that bypass . Hope you guys will enjoy it 😇

Back in 2019 I was testing a web application what allows a user to create a photo album and upload photos in it and the interface looks like below screenshot…

Hi readers ,

At 1st Eid Mubarak to all . May Allah bring you joy, happiness, peace and prosperity on this blessed occasion. Wishing you and your family on this happy occasion of Eid! Eid Mubarak! So on this blessed occasion I thought let’s share one of my finding as Eid bonus 😜 !

From title you may came to know this is a write-up about XSS WAF bypass using UNICODE . So let’s give you a small idea about the application I was testing . There was a option called Save for later what saves items in your account for later use . …

Hi readers ,

Today I will write about a XSS Vulnerability I reported to postnl.nl bug bounty Program .

Vulnerable Endpoint :- http://realestate.postnl.nl/?Lang=

To test a normal Reflected XSS I Input “><xsstest> in the Lang parameter and in source it was reflected properly inside META tag like below :-

<meta name="language" content=""><xsstest>" />

Looks simple right ? Then wait a little :’) . Then I Inputted “><img src=x> and I got :-

I tried with many HTML tags and I got 2 points here :-

• Any Valid HTML tag is not allowed .
• I can created any attributes here .

So I googled for meta tag attributes and got…

Hi guys ,

This is Prial Islam a security researcher from Bangladesh . This is a old finding of mine adding into my blog . Recently I disclosed a POC on How I was able to get all vine users sensitive Information including Phone no/ IP Address / Emails and Many more what was reported to twitter and they patched it and rewarded me 7560$ . Those who missed it you can get the Orginal Report Here .

Today I am going to disclose another Information Disclosure vulnerability what was reported by me to Twitter Security team in their Bug Bounty Program in Hackerone and they Rewarded me with a amount of 5040$ for this report . …

Hello readers,

This is Prial Islam a security researcher from Bangladesh . This is a old finding of mine adding into my blog .

Today I will write about a Critical IDOR vulnerability that will lead to Information Disclosure what allowed me to get any Vine user’s sensitive information including Ip address/phone no/email .

I reported this bug to Twitter Security team in their Bug Bounty Program in Hackerone and they Rewarded me with a amount of 7560$ for this report .

Vine has issued a statement regarding this vulnerability on their Vine blog Post here and also Hackerone mentioned this vulnerability in hackerone Zerodaily Newslatter . …

Hi readers ,

Today I will write about Subdomain takeover . It’s a common Security issue what is actually developers mistake when they left a Unused/unclaimed 3rd party Service DNS CNAME record for a subdoamin of theirs and Hackers can claim those subdomains with the help of external services it pointing to what could lead to serious issues . You can learn more about Subdomain takeover from detectify blog .

While testing flock.com I got a domain flock.co what is under flock company . So I stared looking at it’s subdomains and got subdomain newdev.flock.co . …

Hi readers ,

I am a Cyber Security Researcher from Bangladesh . Again I am here to share a Security issue I found on WeTransfer . WeTransfer have a paid bugbounty program under Zerocopter . So I start testing their sites . While I was bruteforcing wetransfer.com with DIRB script I got some directories what was redirecting users to Medium Publication link . Those directories looks like :-

• https://wetransfer.com/blogger (CODE:301|SIZE:0)
  (Location: ‘https://medium.com/wetransferger')
• https://wetransfer.com/bloggers (CODE:301|SIZE:0)
  (Location: ‘https://medium.com/wetransfergers')
• https://wetransfer.com/blogindex (CODE:301|SIZE:0)
  (Location: ‘https://medium.com/wetransferindex')
• https://wetransfer.com/blogs (CODE:301|SIZE:0)
  (Location: ‘https://medium.com/wetransfers’)
• https://wetransfer.com/blogspot (CODE:301|SIZE:0)
  (Location: ‘https://medium.com/wetransferspot')
• https://wetransfer.com/blog_ajax (CODE:301|SIZE:0)
  (Location: ‘https://medium.com/wetransfer_ajax')
• https://wetransfer.com/blog_inlinemod …

Description

zerocopter.com is a bug bounty platform for Ethical hackers just like Hackerone . In zerocopter reports user can use Markdown . Users are also allowed to give external links in reports . If a user click on External link in reports then it takes the user to a external warning page like below screenshot :-

But I was able to bypass the external warning page and redirect a user to a external link without any warning page .

Markdown :-

<http:1249723505> 
[Click Me](http:1249723505)

Note :- In above markdown 1249723505 this is ip of google.com [ 74.125.68.113 …