So, I was wandering and suddenly this tweet popped up in my news feed.

@zseano motivational tweet 😁 brought tears to my eyes

Then, I decided to give myself a new start as it’s 2021 🎉. I logged in to my bugcrowd account and picked a suitable target (on which I’ve found bugs in the past) according to my skills.

I started with source code review, went through a bunch of their JavaScript files and eventually found two endpoints that looked vulnerable to Open Redirection + XSS: the developers let the client-side code, rather than the server, redirect the user after a certain action, with the destination taken from a URL parameter, like this:

function get_param(param) {…
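As an added example (not the article's code and not the target's get_param()): the unsafe client-side redirect pattern described above next to a validated version. It assumes the parameter is named next and the application's origin is https://app.example; both are assumptions for the example.

```javascript
// Added example, not the article's code. Assumed parameter name "next" and
// assumed application origin "https://app.example".

// Reads a query parameter from a location.search-style string.
// Hypothetical helper standing in for the article's get_param().
function getParam(search, name) {
  return new URLSearchParams(search).get(name);
}

// Vulnerable pattern: the raw parameter is what would be assigned to
// window.location. A "javascript:" value executes script (XSS); a foreign
// URL sends the user off-site (open redirect).
function redirectTargetUnsafe(search) {
  return getParam(search, "next");
}

// Hardened pattern: resolve the value against our own origin with the URL
// parser, then accept it only if the resulting origin is ours. This rejects
// "javascript:" and "data:" (their origin is "null"), protocol-relative
// "//host", backslash tricks like "/\host", and "https://other.example".
// Only the path, query and fragment are returned, never a full URL.
function redirectTargetSafe(search, allowedOrigin = "https://app.example") {
  const raw = getParam(search, "next");
  if (!raw) return "/";
  let target;
  try {
    target = new URL(raw, allowedOrigin); // relative paths resolve onto our origin
  } catch {
    return "/"; // unparsable value: fall back to a fixed safe page
  }
  if (target.origin !== allowedOrigin) return "/";
  return target.pathname + target.search + target.hash;
}
```

Constructed inputs such as `?next=//attacker.example/` and `?next=javascript:void(0)` both fall back to `/`, while `?next=/account?tab=1` is kept.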

Hamza Avvan

Cybersecurity researcher - Programmer 😋 Follow me on twitter:
