beef-hook

1 article
sort: new top best
clear filter
bug-bounty480 google298 xss277 microsoft249 facebook212 rce160 apple150 exploit137 bragging-post102 account-takeover98 malware94 csrf84 cve80 privilege-escalation74 stored-xss65 authentication-bypass64 writeup61 reflected-xss57 react54 browser54 cloudflare51 ssrf51 dos50 phishing50 access-control49 cross-site-scripting48 input-validation48 node47 docker46 aws46 smart-contract45 sql-injection45 ethereum44 defi43 supply-chain43 web-security43 web-application42 oauth41 web339 burp-suite36 lfi35 idor34 vulnerability-disclosure34 html-injection33 race-condition32 smart-contract-vulnerability32 reverse-engineering31 clickjacking31 csp-bypass30 information-disclosure30
0 8/10
Poisoning the well compromising godaddy customer support with blind XSS
vulnerability

A researcher discovered a blind XSS vulnerability in GoDaddy's internal customer support panel by injecting XSS payloads into user profile fields (first/last name), which executed when support agents accessed the CRM system. The vulnerability allowed arbitrary actions on customer accounts including domain transfers and account deletion, demonstrating how data poisoning can compromise backend systems drawing from shared data stores.

blind-xss stored-xss customer-support internal-panel dom-based-xss xss-hunter data-poisoning bug-bounty godaddy input-validation output-encoding session-hijacking beef-hook
GoDaddy XSS Hunter Cobalt BeEF crm.int.godaddy.com sso.godaddy.com
thehackerblog.com · devanshbatham/Awesome-Bugbounty-Writeups · 22 hours ago · details