How I found XSS from a Medium article

6 months ago

Jaeden Samia

Here's a simple story of how I got a simple XSS after reading a Medium article. For full context, I recommend reading the original finder's article by Prince Roy found here

Assuming you know the basics of how this XSS works, we will get into my side of the story.

This wasn’t my normal discovery. I was reading through different articles and stumbled upon a story by the talented hacker Prince Roy (who you should follow if you don’t already). I noticed in his article that he posted links, and I love seeing stuff for myself, so I clicked on them. This is where I noticed it was still giving the same response as he had originally got.

This is his image NOT mine

I then tried his payload and noticed it didn’t work. I tried a few others and nothing either, but it still seemed vulnerable to me, so I fired up dalfox to test for me. I unfortunately do not have the screenshots of dalfox running as this was found over a month ago.

dalfox url https://training.weather.gov/pds/climate/index.php?unit=7

It didn’t take long before it gave a hit! I then tested the payload and sure enough we got an XSS:

The payload in this case was:

7%22%3E%3Csvg%2FOnLoad%3D%22%60%24%7Bprompt%60%60%7D%60%22%3E

I submitted this vulnerability to them and got a quick response saying it was valid and they would let me know when it was fixed. After not hearing anything for a few weeks, I decided to follow up and check in on the status, and it was fixed!
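The sketch below is an added example, not code from the article or from the affected site. It decodes the payload quoted above and shows why it escapes a quoted attribute, then what output encoding and integer validation of `unit` do to it. The template, the function names and the 1..99 range are assumptions, since the article does not show the page's markup or server code.

```python
import html
from urllib.parse import unquote

# Payload exactly as quoted in the article (URL-encoded value of `unit`).
PAYLOAD = "7%22%3E%3Csvg%2FOnLoad%3D%22%60%24%7Bprompt%60%60%7D%60%22%3E"
DECODED = unquote(PAYLOAD)  # what the server sees after URL decoding

# Hypothetical template: the real page's markup is not shown in the article.
TEMPLATE = '<input type="hidden" name="unit" value="{unit}">'


def render_naive(raw_unit: str) -> str:
    """Reflects the parameter into a quoted attribute with no encoding."""
    return TEMPLATE.format(unit=raw_unit)


def render_encoded(raw_unit: str) -> str:
    """Output encoding for an attribute: escapes &, <, > and both quotes."""
    return TEMPLATE.format(unit=html.escape(raw_unit, quote=True))


def parse_unit(raw_unit: str, lo: int = 1, hi: int = 99) -> int:
    """Input validation: treat `unit` as a small integer.
    The 1..99 range is an assumption made for this example."""
    if not (raw_unit.isascii() and raw_unit.isdigit()):
        raise ValueError("unit must be a decimal integer")
    value = int(raw_unit)
    if not lo <= value <= hi:
        raise ValueError("unit out of range")
    return value


def render_hardened(raw_unit: str) -> str:
    """Validate first, then still encode on output (defence in depth)."""
    return render_encoded(str(parse_unit(raw_unit)))


if __name__ == "__main__":
    print("decoded :", DECODED)
    print("naive   :", render_naive(DECODED))    # the "> closes the attribute
    print("encoded :", render_encoded(DECODED))  # quotes/brackets are inert
    try:
        render_hardened(DECODED)
    except ValueError as exc:
        print("hardened: rejected,", exc)
    print("hardened:", render_hardened("7"))
```

The leading `7">` in the decoded value is what ends the attribute and the tag in the naive rendering; once the quote and angle brackets are entity-encoded, the rest of the string stays inside the attribute value.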

I appreciate you guys reading and will hopefully be able to share a few more bugs soon!
