How I ethically hacked one of the domains of the United Kingdom

Prince Roy
3 min readSep 5


Har Har Mahadev! This is Prince Roy, a cyber security researcher. Few months back I found a security issue on the one domain of []. That was quite easy to find. Are you guys excited to know how I found it?

Okey! First and foremost, I got one tip from my mentor, Aditya Shende sir: which websites are directly accessible via IP address, those websites don't have much of a security layer, like Cloudflare. So, according to this tip, I went to and put in the search bar.

After that, I got one domain that was directly accessible by IP address. Moreover, I found a search bar over there. Then I search “hello” to test how it works.

Then I found that “hello” was reflected with ‘hello’. So, I tried to bypass this [ ‘ ’ ] and put this payload in the search bar

hello'><img src=x onerror=confirm("You-Hacked-by-Prince!")>

Then guess what? It successfully popped up!

After seeing that I was over the moon.

In the next step, I went to Hackerone because the National Cyber Security Center of the UK takes reports through Hackerone. After a few days, they triaged my report and resolved it.

Finally, thanks to everyone for reading this small blog of mine.

Please follow my Social media accounts for further updates:






Prince Roy