Day 48/100 Hack and Improvement

less than 1 minute read

Day 48 comes with a SSRF found by nahamsec and a XSS bypass in namecheap.

SSRF in Lyft by Nahamsec

From Rajesh Ranjan. Today I want to talk about an interesting SSRF issue dis coved by Nahamsec on Lyft.

There is an interesting Video on Stok’s Youtube channel, in which you can see that, how nahamsec discovered this vulnerability live. Checkout the Video here

Hackerone Report https://hackerone.com/reports/885975

Payloads to bypass XSS filters

There are a LOT of payloads to bypass different filters and firewalls at the time to attempt an XSS attack. In this case, the XSS was agains namecheap.com. But the firewall was blocking the payloads.

TO bypass the firewall and some html encoding depends on different factors such as where the HTML tag is located and what kind of HTML tag is being used at the time to attempt the XSS attack. In this case, the attacker was located in a <a> tag. Therefore, this was the following payload.

<a href=”javascript&colon;alert&lpar;document&period;domain&rpar;”>Click Here</a>

Then, there was another payload which goes included like:
”><iframe/src=javascript&colon;[document&period;domain].find(alert)>

Full write up here.

Leave a comment