
Abdul Wahab

A Security Engineer, Bug Bounty Hunter, Synack Red Team Member

Sunday, 9 April 2017

Stored XSS in Freelancer

Hello guys. Hope you are doing well. Today I am just disclosing my recent finding on Bugcrowd. I just found a stored XSS vulnerability in the main domain of Freelancer, i.e.,
http://www.freelancer.com/

I just reported it and got nice Freelancer swag and some kudos. I am also expecting a reward from them, but anyway.


So, let's move on to the PoC of my submission.

PoC:-

  1. Log in
  2. Go to the profile and click Edit
  3. In the Bio section, add the simple XSS payload, i.e.,
        "><script>alert(1);</script>
  4. Click Save
  5. Open the profile in a new tab
  6. XSS! BOOM
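
Why a bio saved this way executes when the profile is viewed, and the output-encoding fix, as an added example that is not part of the original post and is not Freelancer's code. The in-memory store, the template and all function names are hypothetical; the post does not show how the site renders the bio.

```javascript
// Added example, not Freelancer's code. Store, template and names are assumptions.

// Payload from the PoC above.
const bio = '"><script>alert(1);</script>';

// "Click Save": the profile store keeps the bio exactly as submitted.
const profiles = new Map();
function saveBio(user, text) { profiles.set(user, text); }

// Vulnerable view: the stored bio is concatenated into an attribute and into
// element content without encoding, so `">` closes the attribute and tag.
function renderProfileUnsafe(user) {
  const b = profiles.get(user) || '';
  return '<meta name="description" content="' + b + '">' +
         '<div class="bio">' + b + '</div>';
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened view: same template, bio encoded at render time. The stored value
// is left untouched, so every other consumer must also encode for its context.
function renderProfileSafe(user) {
  const b = escapeHtml(profiles.get(user) || '');
  return '<meta name="description" content="' + b + '">' +
         '<div class="bio">' + b + '</div>';
}

// Demonstration check: does the rendered markup contain a live script tag?
function hasScriptTag(html) { return /<script\b/i.test(html); }

saveBio('demo-user', bio); // constructed sample account
console.log('unsafe view has <script>:', hasScriptTag(renderProfileUnsafe('demo-user')));
console.log('safe view has <script>:  ', hasScriptTag(renderProfileSafe('demo-user')));
console.log(renderProfileSafe('demo-user'));
```

Encoding at render time is the primary control; a Content-Security-Policy that disallows inline scripts limits the impact if one template misses it.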





Report Summary:-

Submission created
2017-03-30 13:31:50 UTC

State changed
2017-03-31 06:29:04 UTC
Freelancer Engineer changed state to resolved

Freelancer Engineer Rewarded You With Swag 

Thanks,
Abdulwahab
