Heya guys, I am Sankk, a 15-year-old teen kid from Nepal. I am trying to dig into the infosec community to become a so-called “Security Researcher”.


Story

So basically, it was a VDP program, which we can imagine as company.com. First things first, I did some Google hacking (dorking), and the dork was:

site:company.com inurl:?url=

With this dork, I found a cool subdomain: https://subdomain.company.com/APPortalExt/RedirectMessage.aspx?url=. If we put any malicious website link in the url parameter, it will redirect to that particular website, which is an open redirect vulnerability. But as we all know, open redirect is considered p5 or p4. To chain it to p3, I added javascript:alert(0), and it popped an XSS, which is cool. So the final URL is

https://subdomain.company.com/APPortalExt/RedirectMessage.aspx?url=javascript:alert(0)
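From the defending side, both the open redirect and the javascript: XSS come from using the url parameter as a navigation target without checking its scheme and host. The following is an added example, not code from this post or from the affected site, of a validator that closes both; the base URL, allowed host list, fallback path and sample inputs are assumptions constructed for illustration.

```javascript
// Added example: validate a redirect target before navigating to it.
// BASE, ALLOWED_HOSTS and FALLBACK are assumed values (placeholder domain).
const BASE = "https://subdomain.company.com/";
const ALLOWED_HOSTS = new Set(["subdomain.company.com", "www.company.com"]);
const FALLBACK = "/";

function safeRedirectTarget(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  let parsed;
  try {
    // Parse the way a browser does: surrounding whitespace and embedded
    // tabs/newlines are stripped, backslashes count as slashes, and relative
    // or protocol-relative values are resolved against BASE.
    parsed = new URL(raw, BASE);
  } catch {
    return FALLBACK;
  }
  // Scheme allowlist: rejects javascript:, data:, vbscript:, plain http:, etc.
  if (parsed.protocol !== "https:") return FALLBACK;
  // Host allowlist (host includes any non-default port): rejects off-site
  // targets such as //other.example or /\other.example.
  if (!allowedHosts.has(parsed.host)) return FALLBACK;
  // Embedded credentials are never expected in a redirect target.
  if (parsed.username || parsed.password) return FALLBACK;
  // Return the normalized URL that was checked, not the raw input.
  return parsed.href;
}

// Constructed sample inputs, including the value from the write-up.
const samples = [
  "javascript:alert(0)",
  " JaVaScRiPt:alert(0)",
  "java\tscript:alert(0)",
  "//other.example/landing",
  "/\\other.example",
  "https://subdomain.company.com@other.example/",
  "/APPortalExt/Home.aspx", // hypothetical same-site path
  "https://www.company.com/help",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Checking the parsed URL rather than the raw string matters because prefix or substring filters miss the whitespace, mixed-case and backslash variants in the sample list.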

Takeaways

Always use Google dorks

Little about me

I am just a corrupted teen kid trying to dig into the infosec community. I don’t wanna reveal my identity, though. Thanks for understanding me.

About the target

It was just an ISP website, with a bunch of cool functionalities. They don’t have a bug bounty program (BTW). …

Sank Dahal

a corrupted teen noob kid
