How I Found My First Bug (RXSS)

1 day ago 12

BOOK THIS SPACE FOR AD

ARTICLE AD

بسم الله والصلاة والسلام على نبينا المجاهد الشهيد

Hello everyone! I’m Abdelrahman, and I’m excited to share my write-up with you

This Writeup shows how important it is to test every single input field on any Website even if it is just a form. So let us start :)

While hunting on a Website (Vulnerability not fixed yet) lets say vulnerable.com i searched for input places. The Website is designed for Shoes,Jackets etc. So I started looking at the Search :)

Identify Input Points: Look for places where user input is reflected in the application’s response, such as search bars, comment fields, or URL parameters.Inject Payload: Use a payload like the one you provided to see if it executes in the browser.Observe Behavior: Check if the script executes. If it does, the application is vulnerable to XSS.

Hmmmm, Try simple payload

;</script><script>prompt(document.cookie)</script>;//{"

Here’s a breakdown of the payload:

</script>: Closes an existing <script> tag.<script>prompt(document.cookie)</script>: Opens a new <script> tag and attempts to execute prompt(document.cookie), which would display the user's cookies in a prompt dialog.;//{": This part is likely intended to neutralize any following code or to close a JSON object.

Lets goooooooo

The payload has been successfully :))

Thank you for you time reading my writeup and i will publish the next Vulnerability soon :) and hope from you to share, like and support my Writeups :) stay safe

Read Entire Article