Edmodo Bug Bounty writeup
XSS

Edmodo Bug Bounty Writeup

I found XSS vulnerability on one of Edmodo asset and it was found to be duplicate.

After my report got duplicated, I decided to bypass the XSS fix and started on the same target https://snapshot.edmodo.com.

The page looked like this and it has some input fields just like a form creation website.

I tried the same payload which I reported earlier just to check if it’s fixed. And it is!

There is no popup and also I noticed the basic XSS payloads are being stripped off.

As you can see above screenshot, the payload didn’t execute. So I tried to understand the fix and decided to use encoded XSS payloads.

This time I used a base64 payload inside <embed> tag and it is a XSS.

The payload executed and popped an XSS.

This payload is limited only to Firefox browser as by OWASP.

Refer to the OWASP’s XSS Filter Evasion cheatsheet for this payload – https://owasp.org/www-community/xss-filter-evasion-cheatsheet

For reporting this vulnerability, Edmodo rewarded me for this vulnerability with exciting goodies.

And after few days I received the swag pack!

Get in touch with me –

https://twitter.com/Pethuraj
https://www.linkedin.com/in/pethu/

Paypal Bug Bounty writeup

How I made to Paypal Bug Bounty $750

Hey Guys, This blog is all about how I made to PayPal Bounty $750 with simple bug as Open Redirect ...
Read More
BMW Bug Bounty Writeup

BMW Bug Bounty – Account Verification Bypass writeup

It all started with the BMW Security Experts Acknowledgment page, missing my name and I decided to give it a ...
Read More