.png)
5 months ago
36 BOOK THIS SPACE FOR AD
ARTICLE AD
While exploring the website https://redacted.com/, I stumbled upon a fascinating vulnerability in the search functionality. This discovery not only highlighted the efficiency of my #IBRAHIMXSS Tool but also underscored the importance of thorough testing in web security.
It all began on the Redacted.com homepage, where I noticed a search bar prominently displayed. Curious, I typed “aaa” into the search field and was redirected to a new URL: https://redacted.com/search/aaa. Interestingly, my search term “aaa” appeared directly in the path URL without any query parameters.
Recognizing the potential for an XSS vulnerability, I decided to inspect the page response. Upon closer examination, I found the following HTML meta tag:
<meta property="og:description" content="Results for 'aaa' Movies and Series | redacted.com "/>To probe further, I tested the input with aaa'<, which resulted in:
<meta property="og:description" content="Watch aaa'< movies and series for free on Redacted, download aaa'< movies and shows in HD with Redacted"/>At this point, I realized that this input was potentially injectable, and I decided to use the --path option in my #IBRAHIMXSS Tool to further investigate. The tool allows for thorough path-based analysis, making it ideal for this scenario.
Using the Wappalyzer extension on Firefox, I identified that the Redacted.com domain is built on Vue.js 2.6.10. This information was crucial as it helped tailor my attack vectors.
Armed with this information, I fired up the #IBRAHIMXSS Tool and deployed a full suite of payloads. Within seconds, the tool generated a report filled with multiple popups, indicating successful execution of several JavaScript and Angular payloads.
This discovery is proof that the #IBRAHIMXSS Tool works without any false positives and is highly accurate. It’s a unique tool designed to identify XSS vulnerabilities in various web applications, utilizing path-based XSS and many other advanced options. For anyone looking to learn more about XSS or earn money through bug bounty programs, this tool is the perfect combination. It’s also ideal for pentesters who want to ensure their work is comprehensive and accurate, providing clients with safe reports and the confidence that no XSS vulnerabilities will be found later.
I am excited to confirm that the official release of the #IBRAHIMXSS Tool will be on July 18th.
This discovery once again demonstrated the effectiveness of the #IBRAHIMXSS Tool in identifying and exploiting XSS vulnerabilities. The tool’s ability to handle complex payloads and provide accurate results makes it an invaluable asset for any security professional.
Bengali (Bangladesh) · 
English (United States) ·