{"blog_url":"https://cysec148.hatenablog.com/","image_url":"https://cdn-ak.f.st-hatena.com/images/fotolife/T/ThisIsOne/20220430/20220430085014.png","url":"https://cysec148.hatenablog.com/entry/2022/04/30/090708","width":"100%","provider_name":"Hatena Blog","provider_url":"https://hatena.blog","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2022%2F04%2F30%2F090708\" title=\"How I was rewarded a $1000 bounty after abusing File Upload functionality\u3092\u8a33\u3057\u3066\u307f\u305f - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_name":"ThisIsOne","title":"I tried translating 'How I was rewarded a $1000 bounty after abusing File Upload functionality'","categories":["Bug Bounty"],"height":"190","type":"rich","description":"Hello there, ('ω')ノ How a bounty was received after abusing file upload functionality. Vulnerabilities: unrestricted file upload; stored XSS. Article: https://kunalkhubchandani.medium.com/how-i-was-rewarded-a-1000-bounty-after-abusing-file-upload-functionality-to-stored-xss-945a40ac6f94 This time, a file upload vulnerability. Following the stored XSS, this covers the URL the file is uploaded to. Theft of a given victim's credentials…","blog_title":"Shikata Ga Nai","published":"2022-04-30 09:07:08","version":"1.0"}