Hello Everyone,
My name is Jainil Borisagar, and this is the first Medium story I'm writing, so let's start. Firstly, I'm completely new to the bug bounty world and learning about all types of vulnerabilities, and I recently stumbled upon a DOM-based Cross-Site Scripting (XSS) vulnerability on my own college's website. It was a thrilling experience, and I hope sharing my journey can help other beginners like me.
Before I dive in, I want to emphasize the importance of responsible disclosure. I reported this vulnerability to my college's IT department immediately, and now the XSS is resolved :)
My college's name is Silver Oak University. I'd just started learning about XSS and was super excited, so I immediately went to my college's website thinking I'd try to find something 😅. I spent ages poking around, looking for any kind of input field, anything I could try to inject some code into. Honestly, I couldn't find a single visible parameter! I tried and tried, but no luck. I was a bit discouraged :(
A few days later, I was just randomly browsing the college site again, not even actively hunting for bugs anymore. Out of curiosity, I decided to look at the page source. And that's when I saw them: the four hidden input fields! They weren't visible on the page at all, just lurking in the HTML.
<input type="hidden" name="utm_content" value=""/>
<input type="hidden" name="utm_source" value=""/>
<input type="hidden" name="utm_id" value=""/>
<input type="hidden" name="utm_term" value=""/>
I tried special characters, and guess what: they were reflected as-is.
<input type="hidden" name="utm_term" value=""><img src=x onerror=alert(document.cookie)>/>
That time I was like,
Here is the screenshot of the XSS that I got:
As I said earlier, I reported this vulnerability to my college's IT department immediately; it was accepted, and now it's resolved :)
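Why the reflected value escaped the `value` attribute, and how output encoding prevents it, shown as an added example that is not code from this post or from the college's site. The function names, the sample URL and the assumption that the page builds these fields from the query string are hypothetical.

```javascript
// Added example: all names here are hypothetical, not taken from the real site.
const UTM_FIELDS = ["utm_content", "utm_source", "utm_id", "utm_term"];

// Vulnerable pattern: the query-string value is concatenated into the attribute.
function renderHiddenUnsafe(name, value) {
  return `<input type="hidden" name="${name}" value="${value}"/>`;
}

// Encode the characters that can close a quoted attribute or open a tag.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Hardened pattern: same markup, but the value is attribute-encoded first.
function renderHiddenSafe(name, value) {
  return `<input type="hidden" name="${name}" value="${escapeAttr(value)}"/>`;
}

// Render the four hidden UTM fields from a URL's query string.
function renderUtmFields(url, render) {
  const params = new URL(url).searchParams;
  return UTM_FIELDS.map((f) => render(f, params.get(f) ?? "")).join("\n");
}

// Simple regression check: any element other than <input> means a breakout.
function hasInjectedElement(html) {
  return /<(?!input\b)[a-z]/i.test(html);
}

// Constructed sample URL carrying the same value shape shown in the post.
const sampleUrl =
  "https://college.example/?utm_term=" +
  encodeURIComponent('"><img src=x onerror=alert(document.cookie)>');

const unsafeHtml = renderUtmFields(sampleUrl, renderHiddenUnsafe);
const safeHtml = renderUtmFields(sampleUrl, renderHiddenSafe);
console.log(unsafeHtml + "\n--\n" + safeHtml);
console.log(hasInjectedElement(unsafeHtml), hasInjectedElement(safeHtml));
```

With encoding in place the browser treats the whole string as the field's value, so the quote never ends the attribute and no new element is created.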
This first find has definitely fueled my passion, and I'm looking forward to what the future holds!
Thanks for reading, and happy hunting!