How I Found Reflected XSS on the Forgot Password Page

3 years ago 286

Mayank Gandhi

Hello Cybersecurity Researchers,

My name is Mayank Gandhi, M-CEH (METAXONE CERTIFIED ETHICAL HACKER). This is my first article, about a vulnerability that I found in a private responsible disclosure program.

Let’s get started.

Let’s consider the target as redacted.com. I found the vulnerability on the forgot password page, and the vulnerability exists on one of their subdomains, say xyz.redacted.com. The page looks like the screenshot below:

For a URL like “https://redacted.com/login/pass.php”, I intercepted the request and added the payload after GET /login/pass.php?<script>alert(document.domain)</script>

Then I clicked Go and, boom, the XSS was injected. Then I right-clicked on the screen, copied that URL, and boom, I got the popup.

Now I can redirect the victim, and I stole the cookies of this website.
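For the defending side, here is a sketch of how a page like this can be hardened. It is an added example, not code from the original write-up or from the affected site. It assumes the page wrote request data (the query string) into its HTML without encoding; the function names `form_action` and `h` and the cookie settings are hypothetical.

```php
<?php
// Constructed sketch of a forgot-password page such as /login/pass.php.
// Assumption: the original page echoed the query string into its HTML
// unencoded; the write-up does not show the server-side code.

// HttpOnly keeps document.cookie from exposing the session ID to injected
// script; Secure and SameSite limit where the cookie is sent.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Defense in depth: refuse inline script even if an encoding bug slips in.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");

// VULNERABLE pattern (assumed, kept as a comment, do not deploy):
//   echo 'No account found for ' . urldecode($_SERVER['QUERY_STRING']);
// Markup in the query string becomes live markup in the response.

// Hardened: post back to a fixed path that never contains request data.
function form_action(): string
{
    return '/login/pass.php';
}

// Hardened: HTML-encode every request-derived value before output, so that
// <, >, & and both quote characters are emitted as entities.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$query = urldecode($_SERVER['QUERY_STRING'] ?? '');
?>
<form method="post" action="<?= h(form_action()) ?>">
    <label>Email <input type="email" name="email" required></label>
    <button type="submit">Reset password</button>
</form>
<?php if ($query !== ''): ?>
<p>Ignored query string: <?= h($query) ?></p>
<?php endif; ?>
```

With this version, the payload from the request above is rendered as visible text instead of being executed.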

See the video POC here: https://youtu.be/ONQ6f6d8rFU

Subscribe to my YouTube channel for bug hunting related stuff: https://www.youtube.com/channel/UCh69B2L9ThUmSBN6a_1ul5Q

If you like the POC and video, you can follow me on Instagram: mr.mayankk_

Follow me on LinkedIn: https://www.linkedin.com/in/mayank-gandhi-0163ba216/

Follow me on Twitter: https://twitter.com/MayankG40326422
