The rules are : Your XSS must display 'OPENBUGBOUNTY' string in a JS popup, for example:
<script>alert('OPENBUGBOUNTY')</script>
<img src=x onerror=prompt(/OPENBUGBOUNTY/)>
<script src=https://openbugbounty.org/1.js>
so we have already here : https://www.openbugbounty.org/1.js
is it possible to add a filename 1 that contains: alert('OPENBUGBOUNTY')
Payload that I would like to use is : <script src=//1746635969/1>
Thanks in advance
XSS must display "OPENBUGBOUNTY"
Re: XSS must display "OPENBUGBOUNTY"
just https://www.openbugbounty.org/1 ?tigerincup wrote: ↑Wed Dec 20, 2017 10:53 amThe rules are : Your XSS must display 'OPENBUGBOUNTY' string in a JS popup, for example:
<script>alert('OPENBUGBOUNTY')</script>
<img src=x onerror=prompt(/OPENBUGBOUNTY/)>
<script src=https://openbugbounty.org/1.js>
so we have already here : https://www.openbugbounty.org/1.js
is it possible to add a filename 1 that contains: alert('OPENBUGBOUNTY')
Payload that I would like to use is : <script src=//1746635969/1>
Thanks in advance
implemented
-
- Posts:12
- Joined:Tue Jan 23, 2018 2:26 am
Re: XSS must display "OPENBUGBOUNTY"
i'm a noob, i have reported the xss bug to the webmaster and i just know if it should include bugbounty on alert. while already in patch, is this still allowed for this procedure?
Who is online
Users browsing this forum: No registered users and 2 guests