A bug I found in just minutes of browsing the target.

Jan Jeffrie Salloman
May 25, 2022

Hello there hackers, I’m Jan Jeffrie Salloman, a student and a bug bounty hunter from the Philippines. It’s been a while since I made a writeup, so I’m here again to share a bug I found just by browsing the target and testing one functionality.

Every time you browse your targets you will find things like “Create an account”, “Request a demo”, etc. Almost all websites have them, and they are mainly used to register as a user. As a user, I use those functions to get an account on the target. Mostly they just ask for your name and email and ask you to create a password. On the target I was hacking, I used the Request demo function, and as my name I entered HTML code like this ("><h1>test</h1>). After putting the code in the name field, I used a valid email so I could receive their reply. After a few minutes of waiting I received an email from the target: the HTML code I injected was successfully parsed in the email, and there was no filtering on the name input.

As you can see in the email, the HTML code I injected in the name input was not sanitized, so the email that arrived contains the injected code. This is simply an HTML injection in the email content. The impact is that an attacker can control the content of the email and trick other users through the Request demo function; it will look legitimate since the email comes from the company. The company accepted my report as valid with medium severity, so I got a bounty :D. That’s so simple, right? Thanks for reading my short writeup and I hope you learned something. Happy hacking!
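The fix for this class of bug, shown as an added example that is not code from the writeup or from the target: the name is HTML-encoded when the email body is rendered, and implausible names are rejected at input. It assumes a Python backend; `TEMPLATE`, the function names and the example.com addresses are hypothetical.

```python
import html
import re
from email.message import EmailMessage

# Constructed sample input: the name value used in the writeup.
PAYLOAD = '"><h1>test</h1>'

# Hypothetical email template; the name lands in an attribute and in text.
TEMPLATE = '<p>Hi <span title="{name}">{name}</span>, thanks for requesting a demo.</p>'


def render_unsafe(name: str) -> str:
    """Vulnerable pattern: user input is pasted into the HTML body as-is."""
    return TEMPLATE.format(name=name)


def render_safe(name: str) -> str:
    """Encode on output: < > & and both quote characters become entities."""
    return TEMPLATE.format(name=html.escape(name, quote=True))


# Defence in depth at input: starts with a letter, then letters, digits,
# spaces and a little punctuation, 64 characters at most (assumed policy).
NAME_RE = re.compile(r"[^\W\d_][\w .,'\-]{0,63}")


def is_plausible_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def build_message(name: str, to_addr: str) -> EmailMessage:
    """Build the reply with a plain-text part and an escaped HTML part."""
    msg = EmailMessage()
    msg["Subject"] = "Your demo request"
    msg["From"] = "noreply@example.com"
    msg["To"] = to_addr
    msg.set_content(f"Hi {name}, thanks for requesting a demo.")
    msg.add_alternative(render_safe(name), subtype="html")
    return msg


if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAYLOAD))
    print("safe:  ", render_safe(PAYLOAD))
    print("name accepted at input:", is_plausible_name(PAYLOAD))
```

Output encoding is the control that matters; the input check only narrows what reaches the template and should not replace it.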
