My First 0day Exploit (CSP Bypass + Reflected XSS) #BUGBOUNTY
Bug Bounty ;)
Ali TÜTÜNCÜ
October 7, 2018 (Updated: July 8, 2020)
My First 0day Exploit (Reflected XSS) #BUGBOUNTY
Hi guys!
Steps:
1. When I went to https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=0 , I saw this code block:
2. Then I thought about which characters I could use. So, I went to: https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy="'<>/();
Then I saw that I could not use
to get XSS. I thought I would not be able to bypass it, but that maybe I could add JavaScript and get XSS that way. After researching JavaScript for a while, I created the required block of code:
); alert(document.domain); if (1
When I went to https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=); alert(document.domain); if (1 , I saw the XSS alert ;)
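To make the mechanism behind the steps above concrete, here is an added example (my own illustration, not code from the post or from any of the affected sites). It models an endpoint that splices the redirect_strategy query parameter straight into an inline script, shows the script the browser would actually receive for the post's payload, and contrasts it with a rendering that validates the value against an allowlist and emits it as an escaped JSON literal. The chooseStrategy() call, the nonce value, the allowed values and the URL are all hypothetical constructions.

```javascript
// Added example, not the post's code. Models how an inline-script template
// that interpolates the redirect_strategy parameter lets the value break out
// of the call it was meant to be an argument of, and how to render it safely.
// Hypothetical: chooseStrategy(), the nonce "r4nd0m", the allowlist, the URL.

const PAYLOAD = "); alert(document.domain); if (1"; // the post's payload, unchanged

// Read redirect_strategy from a request URL the way the endpoint would.
function getRedirectStrategy(url) {
  return new URL(url).searchParams.get("redirect_strategy") ?? "";
}

// VULNERABLE: the raw parameter is spliced into JavaScript source. Because the
// injected text lands inside a <script> element the page's CSP already permits
// (nonce-based here; 'unsafe-inline' behaves the same), CSP never sees a new
// script to block; it just runs the modified trusted one.
function renderVulnerable(redirectStrategy) {
  return `<script nonce="r4nd0m">chooseStrategy(${redirectStrategy});</script>`;
}

// HARDENED: only allowlisted values reach the template, and the value is
// emitted as a JSON string literal with "<" escaped, so neither a quote nor a
// "</script>" sequence can change the structure of the script.
const ALLOWED_STRATEGIES = new Set(["0", "1"]); // hypothetical legitimate values

function renderHardened(redirectStrategy) {
  const strategy = ALLOWED_STRATEGIES.has(redirectStrategy) ? redirectStrategy : "0";
  const literal = JSON.stringify(strategy).replace(/</g, "\\u003c");
  return `<script nonce="r4nd0m">chooseStrategy(${literal});</script>`;
}

// Extract the script body so the exact text the browser would execute is visible.
function scriptBody(html) {
  const m = html.match(/<script[^>]*>([\s\S]*?)<\/script>/);
  return m ? m[1] : "";
}

// Compile-only check: does the body parse as JavaScript? (new Function compiles
// without running anything.) A parse success on the vulnerable body is what
// turns the reflected text into executable code.
function parsesAsJs(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    return false;
  }
}

// Detection heuristic for request logs: legitimate values are short tokens, so
// any redirect_strategy containing punctuation or whitespace is worth an alert.
function looksLikeInjection(redirectStrategy) {
  return !/^[A-Za-z0-9_]*$/.test(redirectStrategy);
}

// Run both renderers over the post's URL shape and return what each produces.
function demo() {
  const url =
    "https://example.com/amp-iframe-redirect?scheme_redirect=&redirect_strategy=" +
    encodeURIComponent(PAYLOAD);
  const value = getRedirectStrategy(url);
  return {
    vulnerable: scriptBody(renderVulnerable(value)),
    vulnerableParses: parsesAsJs(scriptBody(renderVulnerable(value))),
    hardened: scriptBody(renderHardened(value)),
    flagged: looksLikeInjection(value),
  };
}

console.log(demo());
```

The vulnerable body comes out as `chooseStrategy(); alert(document.domain); if (1);`, which is syntactically valid because the trailing `if (1` consumes the template's closing parenthesis; that is why the payload ends the way it does. The hardened body is always `chooseStrategy("0");` or `chooseStrategy("1");` regardless of input. Note that only a hash-based CSP would have rejected the modified script on its own; a nonce or 'unsafe-inline' policy trusts whatever ends up in the element, so the fix has to be in the server-side encoding and validation.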
Some popular companies are using this script. Examples:
Shopify
Canva
Yelp
Western Union
Cuvva, etc.
I reported it to the developer's bug bounty program, and it has now been fixed.
If you want more notifications about my work, this is my Twitter account:
https://twitter.com/alicanact60
#security #bug-bounty