How I Uncovered a Hidden XSS Vulnerability in a Global Car Website


VulnSniper


It all started one random evening, sitting in front of my screen thinking, “Why not? Maybe I’ll find something interesting.” So, I decided to test one of the biggest car websites in the world. Massive traffic, millions of users — this was going to be fun.

I dove into the website, navigating through the pages, keeping an eye out for any potential input fields or vulnerable spots. Nothing was standing out at first, but then I landed on the search bar. Classic.

The search bar had “test me” written all over it. So, I thought, “What if I drop some JavaScript here and see what happens?”

My first move was to inject a simple JavaScript payload:

<script>alert('XSS')</script>

No luck. The website filtered it out, as expected. Fair enough — it’s a big platform, so they should have some level of security. But instead of backing off, I was intrigued. I knew something had to be lurking below the surface.

After a few attempts, it became clear that the code was being sanitized, but not entirely. Every payload I tried brought me closer to understanding how the website handled inputs. It was like chipping away at a wall, knowing there was something behind it.

After several failed payloads, I started thinking outside the box. What if I tried using an event handler, like one that triggers on mouse hover?

Finally, after hours of tinkering, I hit gold. The payload that cracked it was this:

<a href="#" onmouseover="prompt(document.cookie)">Hover here</a>

For a second, nothing happened. Then I moved the mouse over the link and… boom🤩. The user’s cookies popped up right in front of me.

You know that moment when you’re searching for something for hours, and you finally find it? Yeah, that was this. XSS was real, and I had just discovered a vulnerability in a site used by millions of people.🔍

This wasn’t just about finding a vulnerability — it was the thrill of the hunt, the hours of trial and error, the failed attempts, and finally, the success. That moment when it all comes together, and you break through. It reminded me that no website is invulnerable, not even the biggest ones.👌❤️
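
Why the first payload was stopped and the second was not, as an added example that is not code from the original post or from the site: `blocklistFilter` is an assumed stand-in for a filter that only strips `<script>` elements (the site's actual filter is not shown), and `renderResults` is a hypothetical results-page template. It runs both payloads from the post through that filter and through HTML output encoding of the reflected search term.

```javascript
// Constructed inputs: the two payloads quoted in the post, plus a benign query.
const PAYLOADS = {
  scriptTag: "<script>alert('XSS')</script>",
  eventHandler: '<a href="#" onmouseover="prompt(document.cookie)">Hover here</a>',
  benign: 'electric SUV 2024',
};

// Hypothetical blocklist filter (assumption): removes <script> elements only.
function blocklistFilter(input) {
  return input
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/<\/?script\b[^>]*>/gi, '');
}

// Output encoding for HTML text and quoted attribute values.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Hypothetical results-page template that reflects the search term.
function renderResults(term, encode) {
  return `<h1>Results for: ${encode(term)}</h1>`;
}

// True if the rendered HTML still contains a real tag with an inline on* handler.
function hasLiveEventHandler(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// For each input, report whether a live handler survives each defence.
function report() {
  const rows = {};
  for (const [name, payload] of Object.entries(PAYLOADS)) {
    rows[name] = {
      blocklist: hasLiveEventHandler(renderResults(payload, blocklistFilter)),
      encoded: hasLiveEventHandler(renderResults(payload, escapeHtml)),
    };
  }
  return rows;
}

console.log(report());
```

Setting the `HttpOnly` attribute on session cookies keeps them out of `document.cookie`, but it does not remove the injection itself; encoding the reflected term does.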
