Intro: Hello Hackers! What’s up? Hope you are all fine. Today I will share how I got a Reflected XSS on the US Department of Education that led me to a Certificate of Recognition. So let’s jump into it.
First I started basic recon like subdomain enumeration. Then I started Google dorking to find things easily. Here I use this website for easy finding.
Here I use the dork below to find RXSS.
inurl:q= | inurl:s= | inurl:search= | inurl:query= | inurl:keyword= | inurl:lang= inurl:& site:domain.com
I found some results and started analyzing. Here I got a domain where some text passed in the URL is reflected. First I tried HTML injection and it worked well. 😀
https://domain.com/?param=Differences<h1>Hacked</h1>
Next I tried executing XSS but it blocked me. 😪
https://domain.com/?param=Differences<h1>Hacked</h1><img/src=x onerror=alert()>
So I tried to bypass it by replacing alert() with prompt() or confirm() etc. And it worked for me. 😎
https://domain.com/?param=Differences<h1>Hacked</h1><img/src=x onerror=confirm()>
Then I reported it to them and they accepted this as a valid vulnerability and rewarded me with a certificate.
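For defenders, the behaviour described above (alert() blocked, confirm() reflected) is what a keyword blocklist produces. The following is an added example, not code from the original write-up or from the affected site: the blocklist, the function names and the page template are assumptions, and it compares that filter with HTML output encoding on the three parameter values from the post.

```javascript
// Added example: keyword blocklist vs. output encoding on a reflected parameter.
// The filter and template are assumed stand-ins, not the real site's code.

// Values of ?param= taken from the post.
const PAYLOADS = [
  'Differences<h1>Hacked</h1>',
  'Differences<h1>Hacked</h1><img/src=x onerror=alert()>',
  'Differences<h1>Hacked</h1><img/src=x onerror=confirm()>',
];

// Hypothetical weak filter: reject any input that contains "alert(".
function blocklistFilter(value) {
  return /alert\s*\(/i.test(value) ? null : value;
}

// Weak page: reflects whatever survives the blocklist as raw HTML.
function renderWeak(value) {
  const v = blocklistFilter(value);
  return v === null ? '<p>Blocked</p>' : `<p>Results for: ${v}</p>`;
}

// Fix: HTML-encode the value before placing it in an element body.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderHardened(value) {
  return `<p>Results for: ${escapeHtml(value)}</p>`;
}

// True when the response body still carries live markup from the input.
function reflectsMarkup(html) {
  const body = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return /<[a-z][^>]*>/i.test(body);
}

// Run every payload through both renderers and record the outcome.
function audit() {
  return PAYLOADS.map((p) => ({
    payload: p,
    weak: reflectsMarkup(renderWeak(p)),
    hardened: reflectsMarkup(renderHardened(p)),
  }));
}

console.log(audit());
```

The blocklist stops only the one payload that names alert(; encoding the output makes all three values render as inert text.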
So that’s it for today. Hope you learn something new!!
THANKS FOR READING!
If you enjoy this don’t forget to Like it and Follow me for more Articles.
Linkedin Profile → https://www.linkedin.com/in/subhankar-paul-332085254/
Happy Hacking~