How I got 22000$ worth ethereum

Hello guys,

Today I’m writing a blog post after long time. How I got 22000$ by pawning a website. Though it’s a private program so can’t disclose the name I’ll be using example.com to explain that how I’ve exploited blind XSS to pwn the website.

I was doing the monkey test on name field to get an XSS without having any idea if my payload will execute or not. So I just entered payload

but nothing worked for me. Next day I got a message from team member of the company that one alert is coming on the admin panel whenever they go to verify account function so here I came to know that there was a blind XSS over the name field. I used XSS hunter payload to get the admin user cookies as the payload was executing over the admin panel.

As soon as admin try to verify my account I got the session in xss hunter and from there I was able to access panel of the application

I got other bugs as well.

 

shubhamgupta

 

2 thoughts on “How I got 22000$ worth ethereum

    1. Sorry Dude I wish I could share once all bug will resolved I’ll let you know. may be soon they will be live on hackerone.com

Leave a Reply

Your email address will not be published. Required fields are marked *