Posts

Showing posts from June, 2017

XSS on Bugcrowd and so many other website's main Domain

Hi all, this is my first blog post. I recently found a Reflected Cross-Site Scripting (XSS) vulnerability on the Bugcrowd main domain which had a huge impact.

Secret parameter: I was able to identify one secret parameter which the server used to respond differently; it returned an error page showing `unable to find page 404 in locale <my input>`. This was pretty much at least XSS, and yes! Here is the POC video:

This didn't only work on the 404 page but also on the homepage, for example: `https://bugcrowd.com?locale=xss`. However, this parameter didn't seem to do anything else, so I immediately reported it to Bugcrowd. When I woke up in the morning, I came to know that this bug was actually in Locomotive CMS; Bugcrowd worked around it by handling that page at the router level to mitigate the impact. Knowing this, I immediately checked out Locomotive CMS, and their website was vulnerable too. So I went dorking for other websites using Locomotive CMS and I have so ma
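As an added illustration (not code from the original post, and not Locomotive CMS's or Bugcrowd's own code), here is the reflected-`locale` pattern described above placed next to a hardened version, written in Ruby since Locomotive CMS is a Ruby application. The locale allowlist, the function names and the exact 404 wording are assumptions made for this example; the check at the end is the same test a reporter would run to confirm that a marker payload comes back in the response body unescaped.

```ruby
require "cgi"

# Assumption for the example: the set of locales the site really serves.
SUPPORTED_LOCALES = %w[en fr de es].freeze
DEFAULT_LOCALE = "en".freeze

# Vulnerable pattern (the behaviour the post describes): the raw query
# parameter is interpolated into the error page without any escaping, so
# ?locale=<script>... lands in the HTML verbatim.
def render_not_found_vulnerable(locale)
  "<h1>Unable to find page 404 in locale #{locale}</h1>"
end

# Hardened pattern, two layers:
#  1. only a locale from the allowlist is accepted, anything else falls back
#     to the default, so attacker-chosen text never reaches the template;
#  2. the value is HTML-escaped anyway as defence in depth.
def resolve_locale(param)
  return DEFAULT_LOCALE if param.nil?
  candidate = param.to_s.strip.downcase
  SUPPORTED_LOCALES.include?(candidate) ? candidate : DEFAULT_LOCALE
end

def render_not_found_safe(locale_param)
  locale = resolve_locale(locale_param)
  "<h1>Unable to find page 404 in locale #{CGI.escapeHTML(locale)}</h1>"
end

# Pull the locale out of a raw query string the way a request handler would.
# CGI.parse returns a hash of arrays; a missing key yields an empty array.
def parse_locale_from_query(query)
  CGI.parse(query)["locale"].first
end

# Constructed marker payload for the reflection check.
PAYLOAD = "<script>alert(1)</script>".freeze

# The check a tester runs: is the marker present in the body unescaped?
def reflected_unescaped?(body, payload = PAYLOAD)
  body.include?(payload)
end

if __FILE__ == $PROGRAM_NAME
  locale = parse_locale_from_query("locale=#{CGI.escape(PAYLOAD)}")
  puts "vulnerable: #{render_not_found_vulnerable(locale)}"
  puts "  reflected unescaped? #{reflected_unescaped?(render_not_found_vulnerable(locale))}"
  puts "hardened:   #{render_not_found_safe(locale)}"
  puts "  reflected unescaped? #{reflected_unescaped?(render_not_found_safe(locale))}"
end
```

The allowlist is what actually removes the bug: once only known locale codes can reach the template, escaping is a safety net rather than the control. Handling the error page at the router level, as the post says Bugcrowd did, is a different but compatible mitigation, since it stops the CMS's 404 template from being reached with attacker-controlled input at all.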