Found Reflected XSS instead of Wallpapers…

Viky
2 min read · Oct 8, 2021

In this story I'm gonna share how I found my first bug, in a wallpaper website.

Writing a story after a loooong time, but this time I'm writing about the first bug I've found. Let's begin!

Let's call the vulnerable wallpaper site www.testwallpaper.org.

So last Friday night I was just searching Google Images for some wallpapers. After a few minutes I found a nice one and opened the wallpaper link in a new tab, and the URL looked like this: https://testwallpaper.org/download.php?file=somename.jpg/. With my happy face I tried to download the wallpaper, but the download button opened the image instead of downloading it… But then I noticed that the URL has a file parameter, hmm interesting…

Now I just entered the most common XSS payload, <script>alert("hacked")</script>. Boom, it works!

With this excitement I started injecting some funny payloads, which reflected like this:

I also tried injecting a file link, so that when someone clicks the download button they download that file to their system, which means an attacker can inject any malicious file link in the URL.
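To show what the two findings above look like from the defender's side, here is an added Python sketch (not the site's download.php, which I never saw) of a download page that reflects the file parameter raw, beside a hardened version that validates the name and escapes output. The file names, the allowlist and the /wallpapers/ directory are constructed assumptions.

```python
import html
import re
from typing import Optional
from urllib.parse import quote

# Constructed allowlist of files the site actually serves (assumption).
ALLOWED_FILES = {"sunset.jpg", "mountains.png"}
# Plain image file names only: no slashes, no schemes, no HTML characters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.(jpg|jpeg|png|webp)$")


def render_vulnerable(file_param: str) -> str:
    """Reflects ?file= straight into the page text and the button href.

    A <script> payload in the parameter runs in the victim's browser, and
    a full URL in the parameter becomes the download button's target.
    """
    return (
        f"<p>Downloading {file_param}</p>"
        f'<a href="{file_param}" download>Download</a>'
    )


def render_hardened(file_param: str) -> Optional[str]:
    """Accepts only known image names and escapes everything it reflects.

    Returns None for anything unexpected so the caller can answer 404
    instead of echoing attacker-controlled text back to the browser.
    """
    if not SAFE_NAME.fullmatch(file_param) or file_param not in ALLOWED_FILES:
        return None
    # Escape for the HTML text context (quote=True also covers attributes).
    safe_text = html.escape(file_param, quote=True)
    # Build the href ourselves from a fixed directory, so the parameter can
    # never redirect the button to another host.
    href = "/wallpapers/" + quote(file_param, safe="")
    return (
        f"<p>Downloading {safe_text}</p>"
        f'<a href="{href}" download>Download</a>'
    )
```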

On the next day, given this severity, I started searching for the owner's mail address to report this issue. I found the mail, composed a mail with detailed POCs and an explanation, and sent it.

And I waited… waited… waited for a whole week but still didn't get any response. I'm still waiting for the response!

So this is how I managed to find my first bug 😃

But until now I haven't found any good wallpaper :(

Comment below if you found some.

Thank you bye…
