Hello Everyone, I hope everyone is doing great. In this write-up I am going to explain how did I found a HTML Injection Vulnerability which got me a bounty of $150. Its a private website so lets say the website is www.redacted.com
The website allows to send group invitations as well as custom e-mails to send newsletters. The message body was vulnerable to HTML Injection.
Steps:
- Login to account
- Click on profile
- Go to emails
- Add Payload
- Click “Send Test Email”
