
$350 XSS in 15 minutes

Bug Bounty Writeup about DOM XSS via JSONP + Parameter pollution

Anton (therceman)
InfoSec Write-ups
3 min read · Dec 23, 2022


Hello 👋

This is my first and last Bug Bounty Writeup this year. 😀

I am sharing with you my latest XSS finding, which I found 2 weeks ago.

This was the fastest and a bit unusual flow that I normally do when I search for XSS.

So let’s dive in…

  • Company asked me to retest an old XSS report.
  • I’ve checked that XSS and confirmed that it was fixed properly.
  • The specific endpoint had a name param that was vulnerable to Reflected XSS injection.
example.com/profile?name=<img+src=1+onerror=alert(1337)>
  • I’ve started to search for a bypass and used the Search function in Chrome Developer Tools to search for this endpoint /profile in all JS files to check for another vulnerable param, but found another endpoint:
example.com/services
  • The first idea that came to my mind was to put this URL in the Google search engine and see if this endpoint was cached somewhere on the Google web space with params.
  • After the first try, I found a cached endpoint with params on the first page of the results, the endpoint had ID…


Responses (7)


qwe'"<X</

Why this particular string for a payload, is there something special about it?

Very interesting read Anton, thanks for sharing this writeup.
Happy holidays and happy new year.

Hi Anton
Your experience is truly inspiring!
Can you explain about XSS in depth?