My Journey Finding HTML Injection Vulnerability in a popular British Accountancy platform | allinfosecnews.com

March 3, 2023, 1:19 p.m. | ParagBagul

System Weakness - Medium systemweakness.com

As a security enthusiast, I’ve always been fascinated by finding vulnerabilities in websites and web applications. I discovered a stored HTML injection vulnerability in popular British Accountancy platform, a popular web application that allows users to manage their finances.

This vulnerability allowed me to execute HTML code on the website, which could potentially harm users’ accounts and expose sensitive information. So, I decided to dig deeper and see if I could exploit this vulnerability.

Here’s what I did:

Step 1: …

british bug bounty bug-bounty-writeup bug-fixes html html injection injection platform popular vulnerability web

More from systemweakness.com / System Weakness - Medium

IDOR Attacks Demystified: How They Work and How to Prevent Them 2 days, 17 hours ago | systemweakness.com

attacks business compromise confidentiality +13

How does Single Sign-on (SSO) interact with Active Directory (AD) and Outlook? 2 days, 17 hours ago | systemweakness.com

access active directory applications authentication +15

OSI Model & TCP/IP Comparison 2 days, 17 hours ago | systemweakness.com

access communication deals frameworks +14

First AD home lab 3 days, 13 hours ago | systemweakness.com

access active directory building can +17

3 Steps to protect yourself from Prompt Injection 3 days, 13 hours ago | systemweakness.com

prompt-engineering prompt injection security

Clocky | TryHackMe Write-up 4 days, 11 hours ago | systemweakness.com

ctf ctf-writeup tryhackme tryhackme-walkthrough +1

Bypassing Aquatone’s lack of ability to take screenshots of private websites 4 days, 11 hours ago | systemweakness.com

automation cybersecurity hacking pentesting +1

Tuesday Morning Threat Report: Apr 30, 2024 4 days, 11 hours ago | systemweakness.com

analysis artificial intelligence bad customers +21

Staying Anonymous — Ethical Hacking as a Beginner [09] 4 days, 11 hours ago | systemweakness.com

anonymous beginner communication cybersecurity +22

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom

View on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States

View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US

View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States

View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States

View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)

View on infosec-jobs.com