Hunting Reflected XSS: Uncovering Vulnerabilities on University Websites


To start, I used a combination of waybackurls and Burp Suite to analyze a university domain website. I identified a search functionality with the following structure:

Next, I viewed the source code of the webpage and noticed something intriguing.

I typed “Bl4cky” into the search field. Interestingly, the key variable already had input validation built in: it blocked every HTML tag I tried to insert. The filtered value is then concatenated into the url variable, so it becomes https://abc.example.edu.vn/tim-kiem/{key}

Would the final URL become something like:
https://abc.example.edu.vn/{key}

In this case, the value ‘Bl4cky’ is inserted into the url string before that string is written into the page. We clearly control part of that URL, so Bl4cky is untrusted data that I can manipulate to attempt XSS. Note that a filter which only blocks HTML tags does nothing about a double quote, and a double quote is all that is needed to break out of a quoted attribute value.

I tested my hypothesis with the following payload:

erl25"%20onmouseover="alert(1)"%20title="test%E2%80%AC

The payload executed successfully, triggering the alert(1) JavaScript function. Decoded, the payload is erl25" onmouseover="alert(1)" title="test followed by the invisible Unicode character U+202C (the trailing %E2%80%AC). It contains no angle brackets at all: the first double quote closes the attribute value the search term was reflected into, onmouseover="alert(1)" adds an event handler to the same element, and the dangling title=" attribute swallows the application's original closing quote so the markup stays well formed. This confirmed that the application was vulnerable to Reflected XSS due to improper handling of untrusted data: the tag filter on the key variable did not encode the value for the HTML attribute context it was written into.
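The following is an added example, not code from the write-up or from the affected site. It models the reflection described above (a tag filter on key, then concatenation into an href attribute), shows what the browser sees when the payload goes through it, and places a hardened rendering beside it. The page URL, the variable names, the filter regex and the `<a>` element are assumptions made for illustration; the payload is the one from the post.

```javascript
// Added example (not from the write-up): models the reflection described in the
// post. The URL, variable names, filter and <a> element are assumptions.

// Assumed filter: reject anything that looks like an HTML tag, approximating
// the behaviour the post reports ("blocked every HTML tag I tried to insert").
function tagFilter(key) {
  return /<[^>]*>?/.test(key) ? '' : key;
}

// Vulnerable rendering: the filtered value is concatenated into the url string
// and written into a quoted attribute. No angle bracket is needed to break out
// of a quoted attribute value, only a double quote, which the filter ignores.
function renderVulnerable(rawKey) {
  const key = tagFilter(rawKey);
  const url = 'https://abc.example.edu.vn/tim-kiem/' + key;
  return '<a href="' + url + '">' + key + '</a>';
}

// Hardened rendering: percent-encode the path segment so the value cannot
// change the URL, then entity-encode for the HTML attribute and text contexts.
function escapeHtmlAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderSafe(rawKey) {
  const url = 'https://abc.example.edu.vn/tim-kiem/' + encodeURIComponent(rawKey);
  return '<a href="' + escapeHtmlAttr(url) + '">' + escapeHtmlAttr(rawKey) + '</a>';
}

// Minimal attribute extractor: which attributes does the first <a> tag end up
// with? This is what matters to the browser, not the raw string.
function attributesOf(html) {
  const tag = html.match(/<a\s([^>]*)>/)[1];
  const attrs = {};
  for (const m of tag.matchAll(/([\w-]+)="([^"]*)"/g)) attrs[m[1]] = m[2];
  return attrs;
}

// The payload from the write-up, decoded the way a browser decodes the query.
// The trailing %E2%80%AC is U+202C (POP DIRECTIONAL FORMATTING), an invisible
// character; the breakout itself comes from the double quote.
const PAYLOAD = decodeURIComponent('erl25"%20onmouseover="alert(1)"%20title="test%E2%80%AC');

if (typeof module !== 'undefined' && require.main === module) {
  console.log(renderVulnerable(PAYLOAD));
  console.log(attributesOf(renderVulnerable(PAYLOAD)));
  console.log(renderSafe(PAYLOAD));
  console.log(attributesOf(renderSafe(PAYLOAD)));
}
```

Running it shows the vulnerable output carrying a real onmouseover attribute with the value alert(1), while the hardened output has only href. Two encodings are used on purpose: encodeURIComponent alone keeps the URL intact but is not an HTML encoder, and entity encoding alone would leave the path segment attacker-controlled, so each context gets its own encoding.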

Hope you learned something new from my experience. Let me know your thoughts on this!

If you like this write-up, share it!

Thank you!
