Cross Domain Referrer Leakage

It is my first writeup so please ignore the mistakes.

I was searching for a program where I could test my skills and finally got one. I can’t disclose the program name, so I will call it “target”.

I tried all my skills on finding IDOR, CSRF, XSS etc., but it was secured. Then I went to the password reset area; user enumeration and victim flooding were out of scope. Finally I went for Cross Domain Referrer Leakage.

What is Cross Domain Referrer Leakage?

I am here to discuss how to reproduce it, not to discuss what this vulnerability is, so to understand that you can read this:

Steps to Reproduce:

  1. Go to the Password Reset area and send the forgot password link to your email address.
Request will look like this

I reported this to the target website and finally got a reward of 300 USD :)
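
For defenders, a check for the condition this writeup reports, as an added example that is not part of the original post or the target's code: given a password reset page's URL, response headers and HTML, it lists the third-party hosts that would receive the full reset URL in the Referer header. The function names, sample URL and markup are constructed for illustration, and a page with no Referrer-Policy at all is assumed to fall back to the legacy default `no-referrer-when-downgrade`.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Referrer-Policy values that keep path and query out of cross-origin requests.
SAFE = {"no-referrer", "origin", "same-origin", "strict-origin",
        "origin-when-cross-origin", "strict-origin-when-cross-origin"}
KNOWN = SAFE | {"unsafe-url", "no-referrer-when-downgrade"}

class Collector(HTMLParser):
    """Collect (url, element policy) for src/href attributes and any meta referrer."""
    def __init__(self):
        super().__init__()
        self.refs, self.meta = [], None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "referrer":
            self.meta = a.get("content", "").lower()
        policy = a.get("referrerpolicy", "").lower()
        if "noreferrer" in a.get("rel", "").lower().split():
            policy = "no-referrer"
        for attr in ("src", "href"):
            if a.get(attr):
                self.refs.append((a[attr], policy))

def leak_targets(page_url, headers, html):
    """Hosts sent the full page_url (token included) as Referer on load or click."""
    c = Collector()
    c.feed(html)
    # The header may list fallbacks; the last value the browser recognises wins.
    listed = [p.strip().lower() for p in headers.get("Referrer-Policy", "").split(",")]
    header = next((p for p in reversed(listed) if p in KNOWN), "")
    page_policy = c.meta if c.meta in KNOWN else header
    page, hosts = urlsplit(page_url), set()
    for ref, elem_policy in c.refs:
        target = urlsplit(urljoin(page_url, ref))
        if target.scheme not in ("http", "https") or target[:2] == page[:2]:
            continue  # non-web scheme or same origin: the token stays with the site
        # Assumption: no policy at all means the legacy no-referrer-when-downgrade.
        policy = (elem_policy if elem_policy in KNOWN else page_policy) or "no-referrer-when-downgrade"
        downgrade = policy != "unsafe-url" and page.scheme == "https" and target.scheme == "http"
        if policy not in SAFE and not downgrade:
            hosts.add(target.hostname)
    return sorted(hosts)

# Constructed sample: a reset page with third-party resources and an outbound link.
SAMPLE_URL = "https://target.example/reset?token=PLACEHOLDER"
SAMPLE_HTML = ('<script src="https://cdn.thirdparty.example/a.js"></script>'
               '<a href="https://social.example/t" rel="noreferrer">Follow</a>'
               '<img src="//img.thirdparty.example/logo.png">')
```
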

Thanks :)

Written by

I am a bug bounty hunter at HackerOne :)
