I bet you have heard about Chess.com even if you are just a little bit involved in the “chess world”. I have been playing and using their platform for around 6 years and I genuinely enjoy it.
You can read the full story here. Let's continue.
I was scrolling through Bugcrowd when I thought, why shouldn't I test their web application?
I started with XSS (everyone does... right? Right?) and I found something. Not exactly XSS, but a JS crash on the user profile which allows anyone to hide their profile from others, which means NO ONE can view their games, see their friends, etc. A total crash.
Edit your status with the payload and done. Easy, right? Exploits are often simple.
I tried a bunch of payloads, but only prompt with document attributes worked.
/*/prompt(document.domain)/*/
/*/prompt(document.cookie)/*/
---> these two crashed the page

/*/prompt(1)/*/
---> did not work
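As an added example (not code from the post, and not Chess.com's code), here is the defensive pattern a site owner would want for a free-text field like a profile status, assuming the status text is written into an inline script on the profile page (the post does not say how it is rendered): embed the value as escaped JSON so that any input, including the three strings above, stays data and never breaks the page script.

```javascript
// Added example, not from the original post. ASSUMPTION: the profile status is
// written into an inline <script> block; the post does not state how it is rendered.

// Serialise a value for safe placement inside <script>...</script>.
function toInlineScriptJson(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")      // neutralises "</script>" and "<!--" in the literal
    .replace(/\u2028/g, "\\u2028") // line separators: valid JSON, historically invalid JS
    .replace(/\u2029/g, "\\u2029");
}

// Script body a profile page might ship; the embedded status is data, not code.
function buildStatusScript(status) {
  return "window.__profileStatus = " + toInlineScriptJson(status) + ";";
}

// Naive alternative that pastes the raw text into a JS string literal.
function buildStatusScriptUnsafe(status) {
  return 'window.__profileStatus = "' + status + '";';
}

// Parse and run a generated script body in isolation; report whether it parsed
// and which value it assigned. Used only to compare the two builders.
function evaluateStatusScript(scriptBody) {
  const fakeWindow = {};
  try {
    new Function("window", scriptBody)(fakeWindow);
    return { ok: true, value: fakeWindow.__profileStatus };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// Constructed sample inputs: the three strings from the post plus two that break a
// naive string literal or the surrounding HTML (an unescaped quote, a closing tag).
const SAMPLE_STATUSES = [
  "/*/prompt(document.domain)/*/",
  "/*/prompt(document.cookie)/*/",
  "/*/prompt(1)/*/",
  'say "hi"',
  "</script><b>x</b>",
];

// Every sample survives the safe builder unchanged; the naive builder fails on a quote.
function checkAllSamples() {
  return SAMPLE_STATUSES.map((s) => evaluateStatusScript(buildStatusScript(s)));
}
```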