How I ethically hacked one of the domains of the United Kingdom

Prince Roy(RoyzSec)
Sep 5, 2023

Har Har Mahadev🔱. This is Prince Roy, a cyber security researcher. A few months back I found a security issue on one of the domains of [gov.uk]. It was quite easy to find. Are you guys excited to know how I found it?

Okay! First and foremost, I got one tip from my mentor, Aditya Shende sir: websites that are directly accessible via IP address don't have much of a security layer, like Cloudflare. So, following this tip, I went to https://search.censys.io/ and put gov.uk in the search bar.

After that, I got one domain that was directly accessible by IP address. Moreover, I found a search bar there. Then I searched “hello” to test how it works.

Then I found that “hello” was reflected as ‘hello’. So, I tried to bypass this [ ‘ ’ ] and put this payload in the search bar:

hello'><img src=x onerror=confirm("You-Hacked-by-Prince!")>

Then guess what? It successfully popped up!

After seeing that, I was over the moon.

In the next step, I went to HackerOne because the National Cyber Security Centre of the UK takes reports through HackerOne. After a few days, they triaged my report and resolved it.
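
The reflection described above, as an added example that is not code from this post or from the affected site: a hypothetical page that echoes the search term inside a single-quoted attribute, next to a version that HTML-encodes the term first. The markup, the function names and the simplified tag scanner are assumptions for illustration; the post does not say how the site was actually fixed.

```javascript
// Added example. The markup and names are hypothetical, not the site's code.
const PAGE_PAYLOAD = `hello'><img src=x onerror=confirm("You-Hacked-by-Prince!")>`;

// Vulnerable: the search term goes into a single-quoted attribute unchanged.
function renderVulnerable(query) {
  return "<input type='text' name='q' value='" + query + "'>";
}

// Characters that can close an attribute value or open a tag or entity.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: same markup, but the term is HTML-encoded before it is echoed.
function renderHardened(query) {
  return "<input type='text' name='q' value='" + escapeHtml(query) + "'>";
}

// Simplified scanner (not a full HTML parser): lists the element names a
// browser would start, skipping '<' and '>' that sit inside quoted values.
function listTags(html) {
  const tags = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== "<" || !/[a-zA-Z]/.test(html[i + 1] || "")) { i++; continue; }
    let j = i + 1;
    while (j < html.length && /[a-zA-Z0-9]/.test(html[j])) j++;
    tags.push(html.slice(i + 1, j).toLowerCase());
    let quote = null;
    for (; j < html.length; j++) {
      const ch = html[j];
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === "'" || ch === '"') quote = ch;
      else if (ch === ">") break;
    }
    i = j + 1;
  }
  return tags;
}

console.log(listTags(renderVulnerable(PAGE_PAYLOAD))); // [ 'input', 'img' ]
console.log(listTags(renderHardened(PAGE_PAYLOAD)));   // [ 'input' ]
```

In the vulnerable output the quote and angle bracket end the attribute and the tag, so the rest of the input is parsed as a new element; after encoding, the whole input stays inside the attribute value.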

Finally, thanks to everyone for reading this small blog of mine.

Please follow my Social media accounts for further updates:

LinkedIn: https://www.linkedin.com/in/prince-roy-4b9a75187/

Twitter: https://twitter.com/royzsec

GitHub: https://github.com/royzsec
