Bypass WAF 500 Unauthorized Access! to Reflected XSS (Cross Site Scripting) - Developer BCA

Waf! Waf! Waf!

Little Story

Email from Developer BCA

Steps to Reproduce

  1. Open the page https://developer.bca.co.id/registration/confirmemail.php?confirm=XSS
https://www.facebook.com/Alone.Injector (Fareed Baloch)
I love it❤

Bad Ending~

Reference

Follow Me

Caesar Evan Santoso
