This video is an explanation of a bug bounty report submitted to the GitLab bug bounty program via HackerOne by William Bowling. It was a 4-step XSS with CSP bypass that was ultimately escalated to a critical server-side vulnerability allowing arbitrary files to be read from the server. The bug hunter was awarded a $16,000 bug bounty for this report.

00:00 Intro
00:32 Detectify – the sponsor of today’s video
01:37 Escaping href attribute
03:02 How to bypass filename validation?
03:54 XSS without spaces and /
06:32 How to bypass CSP?
07:37 Escalating the XSS to arbitrary file read
