How I Found My First Bug | XSS
Hello everyone,
My name is Fariio :D.
Today I'm gonna talk about how I found my first bug on a website and I hope this article can help others to find their first bug too.
In the name of Allah, the Most Gracious, the Most Merciful.
Let’s get started.
First I was reading a write-up on how to find your first bug, which discussed using Google dorks to find vulnerable parameters.
The writer listed some Google dorks for finding vulnerable parameters; one of them was:
inurl:index.php?id=
So simply I copied it and pasted it into the browser and searched for it.
After some searching and testing various parameters on websites I found the chosen website :D
Then I opened Burp and sent the request to the Intruder, adding the § mark where I wanted my payloads to run,
and loaded some XSS payloads from the Cross Site Scripting (XSS) Vulnerability Payload List and started the attack.
After testing some payloads, I stopped the process and felt that the eighth payload was the one because I had been reviewing the source code and realized that this payload is appropriate since the form tag needs to be closed first.
"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y
I right-clicked and showed response in browser and BOOM!! IT ACTUALLY WORKED!!
Sadly.. after some research about this website, I found that someone had already discovered it before, but it was a great experience.
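Added example, not part of the original write-up and not the site's code: it shows why a payload that starts with a double quote and then closes the tag gets parsed as new markup when the parameter is reflected unencoded, and how attribute-context encoding keeps it as plain data. The form template, function names and the audit helper are assumptions made for illustration; only the payload string comes from this page.

```python
import html
from html.parser import HTMLParser

# Payload quoted in the write-up above.
PAYLOAD = '"onclick=prompt(8)><svg/onload=prompt(8)>"@x.y'

# Constructed template (assumption): the parameter lands in a double-quoted attribute.
TEMPLATE = '<form><input type="text" name="id" value="{}"></form>'


def render_unsafe(value):
    """Reflects the value as-is, so a quote in it ends the attribute early."""
    return TEMPLATE.format(value)


def render_safe(value):
    """Encodes & < > " ' so the value cannot leave the attribute it sits in."""
    return TEMPLATE.format(html.escape(value, quote=True))


class Audit(HTMLParser):
    """Records each tag, each on* event-handler attribute and each input value."""

    def __init__(self):
        super().__init__()
        self.tags, self.handlers, self.values = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, val in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            if tag == "input" and name == "value":
                self.values.append(val)


def audit(markup):
    """Parses the markup and returns what a tolerant HTML parser sees in it."""
    parser = Audit()
    parser.feed(markup)
    parser.close()
    return parser


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        result = audit(render(PAYLOAD))
        print(label, "tags:", result.tags, "handlers:", result.handlers)
```

The same audit can be run in a regression test against any page that reflects a parameter: the rendered output should contain no tag or event handler that the template itself does not define.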
In conclusion, I hope my explanation was clear.
Thank you for reading!