BOOK THIS SPACE FOR AD
ARTICLE ADLet say the Page is: example.com
In these page i found a reflected parameter like that:
example.com/siteview/8753_OnlinePharmacy.pml?s=<script>alert(1)</script>
When i put these basic payload it reflect in the page like that: Scriptalert1/script i try to bypass it but also not valid :(
so after that i try is in the page there are a search bar i put these payload in it: <script>alert(1)</script> and suddenly it direct gave me a alert without press enter (the payload work only when i type it in the search)
But still there are a problem that these is a self xss and cant do it on a victim so i still thinking what i can do to convert it to a reflected xss
hmmso i got an idea to see if these page vulnerable to clickjacking so i can chain the two vulnerabilities to convert it to reflect xss so i go to clickjacker to test the page and guess what the page was vulnerable to clickjacking
Now i can make these page and send it to the victim
when the victim past these: WIN100000$ he actually past these payload: <script>alert(1)</script on the search bar of example.com using these script