I want to share about my easy finding in Yahoo mail IOS application, easy but worth $3500. Last 3 months ago, i found Stored XSS in Microsoft outlook mail IOS app. You can read there. So, I think "what if yahoo is vulnerable to this kind of attack? ", then i start testing on yahoo … Continue reading Stored XSS in Yahoo mail IOS app($3500)
Category: bugbounty
Stored(Blind) XSS in amazon drive
I want share about my finding in amazon drive link. When i found stored xss in microsoft outlook i choose another random target is amazon drive. You can find my previous blog post here Stored(Blind) XSS in Microsoft outlook. OK let's start.... I upload filename with '"><img src=x onerror=alert(document.domain)>.jpg extension. But nothing happened in their website. … Continue reading Stored(Blind) XSS in amazon drive
Stored(Blind) XSS in Microsoft outlook
I want share about my finding in Microsoft outlook IOS application that could affect 2.62.0 and below. I'm not bounty hunter and i really don't want to become. When I have free time, i choose random websites or apps. Two months ago, i upload a file via Microsoft out using web based application with extension … Continue reading Stored(Blind) XSS in Microsoft outlook