Saturday, October 10, 2015

XSS in Heroku (Bug Bounty)

I found a cross-site scripting (XSS) vulnerability in dashboard.heroku.com. Heroku hosts its bug bounty program on Bugcrowd. This is my first bug on Bugcrowd. The bug was fixed after 2 weeks and I was rewarded with a $200 bounty.


Steps to reproduce:

1. Go to dashboard.heroku.com
2. Go to the "Deploy" tab
3. Click "New Pipeline"
4. Enter an XSS payload
5. Click "Create Pipeline" and the XSS pop-up appears


Reward:

$200
