Stored XSS on a Cryptocurrency Website

Sometimes a vulnerability is in the simplest things that cannot be seen…
I haven’t felt like working much lately. I’ve mostly been studying and doing a little work. This is normal; everyone feels like this sometimes. After a while, we usually feel better and return to our routine.

One of these days, while I was checking my Telegram messages, I saw that a channel talked about a cryptocurrency website that rewards those who discover vulnerabilities. I took a look at it and tried it as a normal user, and I encountered this when I registered:

As you can see, my username is displayed on the screen. After seeing this, I went to the registration section again, injected this code, and created a new account:

And next:

Stored XSS vulnerability discovered.

The injected code ran everywhere because the username appeared in all parts of the program, making the vulnerability more severe. I reported it to the technical team, and they fixed it within 24 hours. However, I received no response or reward after the fix.
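The fix for this class of bug is to encode the username wherever it is printed and to restrict what registration accepts. The following is an added example, not code from the affected site or from the original report; the function names, the username policy and the sample records are assumptions made for illustration.

```javascript
// Added example: hypothetical names, not the affected site's code.

// Escape the five characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Registration-time allowlist (assumed policy): 3-32 letters, digits, '_', '.', '-'.
function isValidUsername(name) {
  return typeof name === "string" && /^[A-Za-z0-9_.-]{3,32}$/.test(name);
}

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so it is interpreted as HTML on every page that shows the username.
function renderHeaderUnsafe(user) {
  return `<div class="welcome">Welcome, ${user.username}</div>`;
}

// Hardened: every template that prints the username encodes at output time.
function renderHeaderSafe(user) {
  return `<div class="welcome">Welcome, ${escapeHtml(user.username)}</div>`;
}

function renderProfileLinkSafe(user) {
  // Attribute context: URL-encode the path segment, then HTML-escape the value.
  const href = escapeHtml(`/users/${encodeURIComponent(user.username)}`);
  const name = escapeHtml(user.username);
  return `<a href="${href}" title="${name}">${name}</a>`;
}

// Constructed sample records (not the input from the original report).
const benign = { username: "alice_01" };
const hostile = { username: "<script>alert(1)</script>" };

function demo() {
  return {
    benignAccepted: isValidUsername(benign.username),
    hostileRejected: !isValidUsername(hostile.username),
    unsafe: renderHeaderUnsafe(hostile),
    safe: renderHeaderSafe(hostile),
    link: renderProfileLinkSafe(hostile),
  };
}

console.log(demo());
```

Output encoding is the control that matters here, because usernames already stored before the allowlist existed are still rendered; the allowlist only reduces what can be stored from now on.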

I trusted the post of a reliable Telegram channel, and it caused me to repeat another experience that is very useful for beginners: as much as possible, do not operate without the approval of the program and outside the bug bounty platform.

ITSG has the capability to improve overall security.