Mohamed Anani
3 min readNov 5, 2022

--

Exploit Feature To Get High Bug impact

how I Exploit Feature To Get High Bug impact

Hello Awesome Hackers, I hope you all doing well!
My name is Mohamed Anani Or 0xM5awy.

In this Write-Up, we will talk about how I Exploit Feature To Get High Bug impact

In the beginning, let’s explain how the website works.
When anyone start hacking and sees that the company has features such as (Post-Comment-Search) and so on, he starts trying to get XSS right?
so as anyone i try to Put
<script>alert(1)</script> in all this fields But unfortunately was giving me a Forbidden Error 403 .. And when I started to understand how Cloudflare works, it turns out that it deletes anything that contains <> and leaves only the content as an example <script>alert(1)</script> will be alert(1) so i say to myself What will happen if you try to use this feature against them? and this what we will talk about in this write-up

in my last write-up i have found a function that allows the user to send private messages to streamers. and To do this, you must buy private messages for tokens so how are we going to use this? When you buy messages with tokens For example, if the user buys 10 messages, he will only be able to send 10 messages, and if he sends them, he will have to buy 10/100/etc to talk with the streamer again.

So After I bought private messages in order to be able to message the streamer, i try to put <script>alert(1)</script> To see what will happens when I do that

And what I expected happened thay delete the <script></script> and leave the alert(1) But what I didn’t expect was that the message was not deducted from the number I bought So i try to send this first to see will happend “hello Streamer” I had 10 messages before I sent this message and after i sent it now i have 9 messages So Now it’s time to see what happens if i sent <script>"Hello Streamer"</script>

What I expected happened , the messages remaining was not going down and the message have been sent with “Hello Streamer” and i still have 9 messages :))

Attack Workflow:

  • The attacker will buy private messages to talk to his streamer account
  • The attacker will send a message to the streamer account with <script>"The Message"</script>
  • The Streamer will got the message “The Message”

The attacker will not lose the Message that he bought it . and now he can use this Feature for free to talk to any streamer ( only he need to buy the first 10 Messages )

Impact

An attacker can send unlimited messages without buying with add bad codes as <script>alert(1)</script>

Unfortunately, they have lowered the Severity to Medium :)

--

--

Mohamed Anani

Someone who will be one of the best Egyptians in this field