How I got multiple easy RXSS


After finding that the parameter values are reflected in the response:

6- Let's get started with manual testing

https://subsubsub.subsub.test.exap.com/?edit-menu-item=mekky1&error=mekky2&post_title=mekky3&x=mekky4&down=mekky5&state=mekky6&data=mekky7&auth=mekky8&themes=mekky9&captcha=mekky10&nickname=mekky11&allusers=mekky12&color=mekky13&path=mekky14
As you can see, I give each parameter a distinct marker word so I can tell, from the page source alone, which one is reflected and therefore which one is worth working on.
In this case only one parameter is reflected in the source code.

7- You can inject any JavaScript payload and it will execute, e.g.:

JavaScript payload :- mekky2><script>alert("0xmekky")</script>

URL :- https://subsubsub.subsub.test.exap.com/?edit-menu-item=mekky1&error=mekky2><script>alert("0xmekky")</script>&post_title=mekky3&x=mekky4&down=mekky5&state=mekky6&data=mekky7&auth=mekky8&themes=mekky9&captcha=mekky10&nickname=mekky11&allusers=mekky12&color=mekky13&path=mekky14

booooooooooom
As you can see here, the entire payload lands unchanged in the source code, which means there is no filter or WAF in place.
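Steps 6 and 7 as a reflection check, added here as an example and not code from the original post: the marker-per-parameter idea from step 6 locates the reflected parameter, and instead of the script payload the probe appends the HTML metacharacters `<>"` and classifies whether the server echoed them raw (the situation in the writeup), entity-encoded, or stripped. The URL and the three response bodies are constructed stand-ins; in a real run each body would be the response fetched for the corresponding probe request.

```python
import html
from urllib.parse import parse_qsl, urlsplit

# Constructed URL in the writeup's style: every parameter carries its own marker,
# so the reflected parameter can be identified from the response alone (step 6).
MARKED_URL = ("https://subsubsub.subsub.test.exap.com/?edit-menu-item=mekky1"
              "&error=mekky2&post_title=mekky3&x=mekky4")

# HTML metacharacters that must be entity-encoded when input lands in HTML text.
PROBE_CHARS = '<>"'

# Constructed response bodies standing in for the real page source. Each is the
# reply to a request where error=mekky2<>" was sent (the marker plus PROBE_CHARS).
RAW_BODY = '<div class="notice">mekky2<>"</div>'                 # no output encoding
ENCODED_BODY = '<div class="notice">mekky2&lt;&gt;&quot;</div>'  # entity-encoded
STRIPPED_BODY = '<div class="notice">mekky2</div>'               # metacharacters dropped


def marker_map(url):
    """Map each query parameter name to the distinct marker it carries."""
    return dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))


def reflected_params(url, body):
    """Step 6: names of the parameters whose markers come back in the response body."""
    return [name for name, marker in marker_map(url).items() if marker in body]


def classify_reflection(marker, body):
    """Step 7 as a check rather than an exploit: how is marker+PROBE_CHARS echoed?

    'raw'      -> metacharacters came back untouched, i.e. no output encoding
    'encoded'  -> the usual HTML entity encoding was applied
    'stripped' -> the marker is echoed but the metacharacters were removed or altered
    'absent'   -> the parameter is not reflected at all
    """
    probe = marker + PROBE_CHARS
    if probe in body:
        return "raw"
    if html.escape(probe, quote=True) in body:
        return "encoded"
    if marker in body:
        return "stripped"
    return "absent"


if __name__ == "__main__":
    for label, body in [("raw", RAW_BODY), ("encoded", ENCODED_BODY), ("stripped", STRIPPED_BODY)]:
        hits = reflected_params(MARKED_URL, body)
        verdicts = {p: classify_reflection(marker_map(MARKED_URL)[p], body) for p in hits}
        print(label, hits, verdicts)
```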

8- I noticed in the subdomains file that there are many subdomains under the sub-subdomain

e.g.

Sub-subdomain :- subsub.test.exap.com

Subdomains under the sub-subdomain :-
1- new.subsub.test.exap.com
2- new2.subsub.test.exap.com
3- new3.subsub.test.exap.com
etc.

9- Filter the file with grep, searching for a specific value, to extract everything under subsub.test.exap.com
