XSS vulnerabilities discovered in ServiceNow – CVE-2022-38463

Hey everyone, This is a blog related to my recent CVE on ServiceNow.It was found while testing a bug bounty program that was using ServiceNow and their in-scope domain was ‘redacted.service-now.com’. I searched the ServiceNow exploits on google and found that the domain was vulnerable to CVE-2019-20768 and CVE-2021-45901. I reported them and the reports…

Turning cookie-based XSS into account takeover

The cookie-based XSS One evening I started hunting on the Terrahost Bug Bounty program. I was testing the terrahost.no main domain. There was a functionality where I could choose the service, then register an account and place an order. So I did that. I chose Virtual Hosting and put all the data – username, address,…