Parameter Pollution
Browse through your target. say https://target.com
Find a article or blog present on target website which must have a link to share that blog on different social networks such as Facebook,Twitter etc.
Let's say we got and article with url: https://taget.com/how-to-hunt then just appened it with payload ?&u=https://attacker.com/vaya&text=another_site:https://attacker.com/vaya so our url will become https://taget.com/how-to-hunt?&u=https://attacker.com/vaya&text=another_site:https://attacker.com/vaya
Now hit enter with the abover url and just click on share with social media. Just observe the content if it is including our payload i.e. https://attacker.com Then it is vulnerable or else try next target. Reference https://hackerone.com/reports/105953
Last updated 2 years ago
