How I Found 5 Reflected XSS in a Public Program


I used the BBot framework to gather as much information as possible about the target, and I found only 11 subdomains!!

bbot -t example.com -f subdomain-enum -o bbot_out
# bbot writes the hosts it discovers to subdomains.txt inside that output directory; that file feeds the next step
because I'm testing on a small-scope program

At the beginning I was frustrated, but it's okay, let's continue.

Second, I passed subdomains.txt to httpx to filter out only the live subdomains

cat subdomains.txt | httpx -silent -o livesubs.txt

For crawling I prefer katana to gather additional endpoints

katana -l livesubs.txt -o endpoints.txt

I also used waybackurls to pull a lot of historical URLs for the hosts in livesubs.txt

cat livesubs.txt | waybackurls | tee -a urls.txt
# I prefer tee so the URLs are shown on screen while they are appended to urls.txt

After completing the recon phase, I prefer to open the main domain and explore it well, so I know every function, every button, and so on.

After this I went back to endpoints.txt to test for XSS, and I saw a parameter called ?page= on the main domain

www.example.com/resources/mobile?page=

I injected my custom payload into it and it WORKED!!

www.example.com/resources/mobile?page=9">"'><svg onload=alert('XSS')>
that was actually my reaction when I saw the alert box haha
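To show why the payload above fires and what the fix looks like, here is an added example (my own code, not the author's and not the program's real application code; the page never shows the server side). It assumes the value of ?page= is reflected into an HTML attribute, which is a guess consistent with the payload's leading `">` that breaks out of an attribute. The unsafe renderer concatenates the raw value; the hardened one HTML-escapes it, and a stricter variant only accepts an integer page number, which is what a pagination parameter should be.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed payload with the same shape as the one in the write-up:
# close the attribute, close the tag, then inject an SVG element.
PAYLOAD = "9\">\"'><svg onload=alert('XSS')>"


def page_from_url(url: str) -> str:
    """Extract the raw ?page= value the way a web framework would hand it to a handler."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return query.get("page", [""])[0]


def render_unsafe(page_value: str) -> str:
    """Vulnerable (assumed) pattern: the query value is dropped into markup verbatim."""
    return f'<input type="hidden" name="page" value="{page_value}">'


def render_escaped(page_value: str) -> str:
    """Hardened: HTML-escape the value, quotes included, so it cannot leave the attribute."""
    return f'<input type="hidden" name="page" value="{html.escape(page_value, quote=True)}">'


def validate_page(page_value: str):
    """Strictest fix for a pagination parameter: accept only a small positive integer."""
    if page_value.isdigit() and 1 <= int(page_value) <= 10_000:
        return int(page_value)
    return None  # reject anything else before it ever reaches a template


def contains_injected_markup(rendered: str) -> bool:
    """Crude check used here to compare the two renderers: did a new element appear?"""
    return "<svg" in rendered


if __name__ == "__main__":
    benign = page_from_url("https://www.example.com/resources/mobile?page=9")
    print(render_unsafe(benign))
    print(render_unsafe(PAYLOAD))      # element injected
    print(render_escaped(PAYLOAD))     # rendered as text
    print(validate_page(benign), validate_page(PAYLOAD))
```

The escaping fix is the general one (it also covers values that are free text); the integer whitelist is the right one for this specific parameter, and the two can be combined.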

So how did I find 5 XSS??

After this i go back to the subdomain.txt list to check the subdomains and I noticed SOMETHING !

The subdomain names correspond to country regions. Let me explain:

www.es.example.com => it belongs to the country spain
www.it.example.com => it belongs to the country Italy
# so each of them has everything the main domain has, even the same functionality

A thought crossed my mind, and I said: 'try it.'

I went back to the endpoints.txt list and grepped only for the ?page= parameter

cat endpoints.txt | grep -F "?page="
# -F matches the string literally; a plain grep "page?=" would look for the literal text page?= and miss ?page=

AND BOOM!!! The parameter appeared on 5 subdomains from the list, which means they were affected too. I injected my custom payload on each of them and it worked.
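The grep above answers "where does ?page= appear", but the real lesson of this write-up is the next question: which parameters appear on more than one host, so that a single finding (or a single fix) applies to all of them. Here is an added example (my own code, not the author's) that indexes an endpoints list by query-parameter name and reports every parameter shared across hosts. The endpoints.txt content is constructed inline with placeholder hostnames; it is not data from the program.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlparse

# Constructed stand-in for endpoints.txt (placeholder hosts, not the real program).
SAMPLE_ENDPOINTS = """
https://www.example.com/resources/mobile?page=1
https://www.example.com/resources/mobile?page=2&lang=en
https://www.es.example.com/resources/mobile?page=1
https://www.it.example.com/resources/mobile?page=3
https://www.example.com/search?q=test
https://blog.example.com/?p=42
not a url
""".strip()


def hosts_by_param(lines):
    """Map each query-parameter name to the sorted list of hosts it was seen on."""
    index = defaultdict(set)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        parsed = urlparse(line)
        if not parsed.netloc:
            continue  # crawler output often contains junk lines; skip anything without a host
        for name, _value in parse_qsl(parsed.query, keep_blank_values=True):
            index[name].add(parsed.netloc.lower())
    return {name: sorted(hosts) for name, hosts in index.items()}


def shared_params(index, min_hosts=2):
    """Parameters present on at least min_hosts distinct hosts: one bug there is likely N bugs."""
    return {name: hosts for name, hosts in index.items() if len(hosts) >= min_hosts}


def one_url_per_host(lines, param):
    """For a given parameter, keep a single representative URL per host for a retest list."""
    seen = {}
    for line in lines:
        line = line.strip()
        parsed = urlparse(line)
        if not parsed.netloc:
            continue
        names = {n for n, _ in parse_qsl(parsed.query, keep_blank_values=True)}
        if param in names and parsed.netloc.lower() not in seen:
            seen[parsed.netloc.lower()] = line
    return seen


if __name__ == "__main__":
    lines = SAMPLE_ENDPOINTS.splitlines()
    index = hosts_by_param(lines)
    for name, hosts in shared_params(index).items():
        print(f"{name}: {len(hosts)} hosts -> {', '.join(hosts)}")
    for host, url in one_url_per_host(lines, "page").items():
        print(host, url)
```

Feed it the real file with `hosts_by_param(open("endpoints.txt"))`. On the defending side the same index is useful in reverse: when a reflected-XSS report names one parameter on one regional host, the list of hosts sharing that parameter is the list of deployments that need the same fix.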

I reported it and it was accepted, but it is still not patched.

I hope you got a new idea from this article, and see you soon in another one ❤

1- www.linkedin.com/in/ziadmahmod

2- if you are interested in solving CTF and portswigger labs go check my youtube channel 🔥

CyberWithZuz | بالعربي — YouTube
