Saturday, October 10, 2015

XSS in Heroku (Bug Bounty)

I found a cross-site scripting (XSS) bug in Heroku, which has its bug bounty program hosted on Bugcrowd. This is my first bug on Bugcrowd. The bug was fixed after 2 weeks and I was rewarded with a $200 bounty.

Steps to reproduce:

         1. Go to
         2. Go to "Deploy tab"
         3. Click "New Pipeline"
         4. Enter XSS payload
         5. Click "Create Pipeline" and the XSS pop-up appears



