A few days ago I found a Cross-site Scripting Vulnerability on WinRAR, now I want to share how I found the vulnerability.
What is WinRAR?
WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH. It can create and view archives in RAR or ZIP file formats, and unpack numerous archive file formats. (Source: en.wikipedia.org)
Okay, let's start
When I open the WinRAR, there is a window that seems to make an HTTP request to a web page.
Now I immediately open BurpSuite to capture HTTP requests made by WinRAR,