HOW I FIND REFLECTED XSS IN 5 SEC


Hello, my name is Youssef and my nickname is Matrex007.
I'm a bug bounty hunter.

Today I'm going to talk about XSS attacks of the reflected type.

The first step in any bug hunting process is to gather information about your target. This involves identifying potential entry points and vulnerabilities. In addition to using Google Dorks, employing specialized tools can greatly enhance your reconnaissance efforts.

I used the following command to locate admin pages:

inurl:admin site:*.target.com

This command helps pinpoint admin interfaces that might be poorly secured.

Next, I searched specifically for PHP and JavaScript files using:

ext:php site:*.target.com

This query targets files with the .php extension within the specified domain. It's essential to look for both file types because they often contain critical business logic or client-side scripts that could expose vulnerabilities.

Subfinder: Used for discovering subdomains associated with the target. This tool helps identify additional entry points that may not be immediately visible.
Assetfinder: Similar to Subfinder, it helps in finding subdomains and assets by querying various data sources.
Amass: A comprehensive tool for network mapping and external asset discovery. It aggregates data from multiple sources to provide a more extensive view of the target’s attack surface.
Waybackurls: This tool retrieves historical URLs from the Wayback Machine, allowing you to find older versions of the site that might expose vulnerabilities not present in the current version.

These tools significantly broadened my understanding of the target’s infrastructure and potential vulnerabilities.

Analyzing the results:

From my searches, I found a PHP file that had an interesting feature: it redirected input based on a query string:

NAMEFILE.php?id=11

Curious about how the application handled input, I tested various values by manipulating the chapter parameter. This step is essential for identifying any flaws in input validation.

The application does not implement any filtering or sanitization of the characters supplied by the user. This means that any data entered into the input fields is reflected into the page without checks, allowing potentially harmful scripts to be executed in the victim's browser.

During my testing, I decided to inject an XSS payload into the vulnerable input field. I used the following code:

?=anything”;onload=alert(document.cookie);”
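As an added illustration (not code from the original post or the target), here is a PHP handler of the kind described above: the unfiltered sink that reflects the query-string value into an HTML attribute, next to a hardened version that validates the parameter and encodes it for the attribute context. The parameter name follows the post (NAMEFILE.php?id=11); the markup and the assumption that `id` is an integer are mine.

```php
<?php
// Added example, not from the original post. Assumes id is a positive integer
// and that the value is rendered inside a double-quoted HTML attribute.

// Vulnerable: the raw query-string value is concatenated straight into an
// attribute. A value containing a double quote closes the attribute, and the
// text that follows is parsed by the browser as further attributes (this is
// exactly what the onload= payload above relies on).
function render_vulnerable(string $id): string
{
    return '<input type="text" name="id" value="' . $id . '">';
}

// Hardened, step 1: validate the parameter against what it is supposed to be.
// An id is an integer, so anything else is rejected before rendering.
function validate_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hardened, step 2: encode for the HTML attribute context at output time.
// ENT_QUOTES converts both " and ' so the value can never close the attribute;
// this protects even when the value is free text rather than an integer.
function render_hardened(string $id): string
{
    $safe = htmlspecialchars($id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="id" value="' . $safe . '">';
}

// Request handling: reject anything that is not a valid id, then render the
// encoded value with an explicit charset so the browser cannot mis-decode it.
$raw = $_GET['id'] ?? '';
$id  = validate_id($raw);
if ($id === null) {
    http_response_code(400);
    echo 'Invalid id';
    exit;
}
header('Content-Type: text/html; charset=UTF-8');
echo render_hardened((string) $id);
```

Validation alone is the stronger fix here, but output encoding is kept as well because a reflected value is usually rendered in more than one place and not every sink will be an integer.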

I hope you have gained something, even if it's just one piece of information. Thank you.

If I have done well, it is from God; and if I have erred, it is from myself and from Satan.
