Hi, this writeup is about a bug that existed in the HTML to PDF generation functionality of a program.
The community often says that HTML to PDF generating software is usually vulnerable to SSRF, and that’s what I was looking for. The program had an option to create certificates using HTML and a background template.
I tried to inject various payloads, googled things and read nahamsec’s writeup on exploiting a similar function again and again, but to no avail.
The only HTML tag that gave back a response to my TCP tunnel was the <img> tag; moreover, the fetch that was…
Just like other newbies, I had been practising on PortSwigger Academy, feeding on writeups day in and day out, waiting for my first valid bug, and then when it came I wasn’t able to believe what I had found.
This is the story of my first bug, which I found last October. As usual I was reading writeups and practising, watching other hackers’ videos and hopping from one Discord bug bounty community to another, when I saw a guy posting on nahamsec’s server that Logitech had launched a new public program with a huge scope. I ran towards it.
Hey guys, this writeup is about my first Reflected XSS and how I escalated it to account takeover.
I read many bug hunters insisting that you shouldn’t submit a simple XSS but should try to escalate it. I would also tell you to escalate as much as you can: if you give them an XSS and tell them what a person can do with it, it does not show as much impact as you would be able to show when you prove how it would be done; this will increase the severity as well as your payout.