🟠Path Traversal To XSS
Fuzzing for some hidden params using param miner and param miner returned a parameter. Encountered a 500 internal error, indicating a server-side issue on the backend. Using Cewl found a valid value leading to injecting XSS.
| Url | Type | Bounty |
|---|---|---|
| https://medium.com/@0xold/null-byte-on-steroids-23f8104a25ec | XSS | - |