javascript-context

1 article
sort: new top best
clear filter
bug-bounty512 xss297 google214 rce180 microsoft174 facebook161 exploit143 account-takeover118 bragging-post117 malware112 cve102 apple102 privilege-escalation92 csrf88 authentication-bypass79 stored-xss75 open-source68 phishing67 writeup67 reflected-xss63 access-control62 web-security60 ai-agents59 ssrf55 browser53 input-validation52 dos50 reverse-engineering49 defi48 smart-contract48 cross-site-scripting48 sql-injection46 ethereum45 cloudflare43 lfi41 information-disclosure40 supply-chain39 api-security39 oauth39 react38 web337 race-condition37 web-application37 burp-suite36 tool35 ctf35 idor33 smart-contract-vulnerability33 pentest33 html-injection33
0 6/10
Story of parameter specific XSS
bug-bounty

A reflected XSS vulnerability was discovered in a private program where URL parameters prefixed with 'utm_' were reflected without encoding in a JavaScript context. The breakthrough came from fuzzing parameter names themselves rather than values—specifically injecting JavaScript payload directly into the parameter name (e.g., 'utm_foobarbaz\')<>') which bypassed encoding applied to parameter values.

xss reflected-xss parameter-injection parameter-name-fuzzing encoding-bypass utm-parameter javascript-context
Rahul Maini
noob.ninja · devanshbatham/Awesome-Bugbounty-Writeups · 11 hours ago · details