Tuesday, 1 September 2015

Cross Site Scripting in Hackpad

Hi,
This is my first write-up. Hope you will like it.

So, XSS in Hackpad

It was Feb 2, 2015. I saw the Dropbox program on Hackerone.com and tried to hunt Dropbox for bugs. But I wasn't lucky. So I thought, why not go for acquisitions? I searched Google for Dropbox acquisitions, and Hackpad was the most recent one.

So, what was next? I created an account and started testing it. I think it was my lucky day. I put a simple vector in the search bar (<ScRiPt>prompt(document.domain)</ScRipt>) and it got executed. I was surprised by it. The search bar!!! And it's vulnerable.
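
An added example, not part of the original write-up and not Hackpad's code: a hypothetical search-results renderer showing why the mixed-case vector above runs when the search term is written into the page unencoded, why a case-sensitive tag blacklist (an assumed weak fix) does not stop it, and how HTML-encoding the term does. All function names are illustrative.

```javascript
// Added example: hypothetical search-results renderer, not Hackpad's code.
// Constructed input: the vector quoted in the write-up.
const VECTOR = '<ScRiPt>prompt(document.domain)</ScRipt>';

// 1. Vulnerable: the search term is concatenated into the HTML as-is.
function renderUnsafe(query) {
  return `<h2>Results for ${query}</h2>`;
}

// 2. Weak fix (assumed): strip literal lowercase <script> tags only.
//    HTML tag names are case-insensitive, so <ScRiPt> passes untouched.
function renderBlacklist(query) {
  const stripped = query.replace(/<\/?script>/g, '');
  return `<h2>Results for ${stripped}</h2>`;
}

// 3. Hardened: encode the HTML-significant characters so the browser
//    treats the search term as text, whatever its letter case.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderEncoded(query) {
  return `<h2>Results for ${escapeHtml(query)}</h2>`;
}

// Reports whether the markup still contains a script element (any case).
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Run the vector through all three renderers and report the outcome.
function demo() {
  return {
    unsafe: hasScriptTag(renderUnsafe(VECTOR)),
    blacklist: hasScriptTag(renderBlacklist(VECTOR)),
    encoded: hasScriptTag(renderEncoded(VECTOR)),
  };
}

console.log(demo());
console.log(renderEncoded(VECTOR));
```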



I quickly reported it to Dropbox, the bug was accepted, and after 40 days it was fixed.


No bounty for that, as it was not included in the bounty program, but as a reward I got:

HALL OF FAME
1 TB QUOTA
T-SHIRT

I hope you will like it.


Muhammad Abdullah

