Finding Reflected XSS In A Strange Way
Today I will be talking about finding a reflected XSS (“Cross-Site Scripting”) vulnerability in a very popular bug bounty program and walking through the details of how I came to find this bug and why it was a very interesting finding, which may be the first of its kind.
Overview
Throughout this post, I will be going over the details of how I found an XSS vulnerability on a bug bounty program this year. Bug bounty programs (BBPs) are programs run by companies that allow ethical hackers to analyze their software or applications and attempt to find vulnerabilities, either for an award, recognition, or experience.
This bug came to me while I was actually using a website for personal purposes, because I decided to still pay attention to details and see if I could find any strange behavior while using the site regularly. This resulted in a great outcome, since I came across this very strange bug, which was considered a high-severity issue by their team. For those who are unaware, we will first go over what exactly an XSS attack is and how it’s leveraged by attackers.
What Are XSS Attacks?
XSS (Cross-Site Scripting) is a vulnerability in which attackers are able to provide input into an application that includes a JavaScript payload to break out of the intended code context…