Mr. Robot: Self Xss from Informative to high 1200$ ,csrf, open redirect,self xss to stored

Hello all bug bounty hunters sorry for any mistake if I forget something to use this writeup for your RECON or you’re RESEARCHING, I found 2 w 3 bugs with the same idea

I submitted this bug to private programs but I changed everything here name website and panel and photos just to help the new bug bounty hunter it’s not the real name and photos

The first time I found csrf in the first name and last name no have a csrf token but the website not accepted csrf and self xss from the csrf i can change name to any word or payload xss but have no impact and not accepted by the website it’s too bored

after 2 or 3 hours I found a demo panel with the same information when you change the first name will change in the demo i changed to xss payload first name and the last name will be done and worked xss but the website not accepting self xss we need to change to stored xss but how?

ok now we have CSRF to change the profile name to xss and we found a demo website to reflect the xss it’s good

we need to redirect users from the normal website to the demo I found the button to create this redirection from the normal website to the demo website and the xss reflected

and I create two csrf one to change the profile name to xss and two to redirect users to the demo and injection like this

steps like this

1 goto change profile name and capture request and create csrf

2 capture request, the button will redirect you to the demo website, and create csrf




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store