ScriptJacker  Blogs

Vulnerabilities Die Here


Latest Blog Post

Stored XSS

Converting Self-XSS to Stored XSS leads mass Account Takeover (ATO)

The attacker initially discovered a Self-XSS vulnerability by misusing application features; on its own it had low impact. Although harmless when it only executed in the attacker's own browser, the same input was later stored and rendered elsewhere without sanitization, escalating it to a Stored XSS. Since the payload executed in every user's session, it could hijack authentication tokens or cookies, leading to mass account takeover.

Parth Narula

Difficulty: Low

Request Manipulation

The Art of Request Manipulation

Attackers intercepted and modified raw HTTP requests—especially POST parameters—using Burp Suite. By tampering with fields, they caused the server to return detailed SQL error messages and stack traces that were not visible through the browser. These internal error disclosures reveal database structure and back-end logic, risking information exposure and aiding further exploitation. The root issue was over-detailed error handling combined with missing input validation.

Parth Narula

Difficulty: Low

Broken Authentication

Rare Broken Authentication Flaw - 99% people don't know

The bug allowed an attacker to gain unauthorized access to the subdomain without ever completing registration. By starting signup on the main app (with a random email/phone), skipping OTP verification, and then triggering a password reset on the partner subdomain, the attacker received a valid reset link. This let them set a password and fully access an account that was never verified or even created, leading to a critical authentication bypass.

Parth Narula

Difficulty: Medium

Hyperlink Injection Protection Bypass

Deep dive in Hyperlink Injection Protection Bypass

The bug involved hyperlink injection where the domain validation logic was bypassed using a double-period trick, originally discovered by Parth Narula. The application only checked whether the trusted domain appeared somewhere in the URL string, but failed to parse and validate the actual hostname. As a result, the injected link looked safe but actually directed to the attacker's domain. This could lead to phishing or malicious redirection.

Parth Narula

Difficulty: Low
