As an enthusiastic beginner in bug hunting, I recently embarked on a journey to secure my first reward as a bug hunter. I’m thrilled to share my experience and the steps I took to find a cross-site scripting (XSS) vulnerability on a government subdomain, which ultimately earned me my first appreciation certificate.
Step 1: Using Google Dorking to Identify Potential Targets
The first step in my bug hunting process was using Google Dorking to identify potential targets. Google Dorking is a powerful technique that leverages advanced search operators to find specific information on the web. For this hunt, I used the following dork to identify query parameters:
site:.gov inurl:search?q=
This search helped me discover various pages with search functions that might be vulnerable due to inadequate input validation.
Step 2: Analyzing the Search Function
Once I identified an interesting page, I began analyzing its search function. My initial approach was to test how the website handled user input. I entered a simple payload to check for potential vulnerabilities:
">
Using this payload, I aimed to close existing HTML tags and observe how the website responded. To my excitement, the search results page displayed a broken layout, indicating that my payload successfully closed an open tag.
Step 3: Crafting an XSS Payload
With the knowledge that my payload could break the HTML structure, I proceeded to craft a more sophisticated XSS payload. The goal was to insert a script that would display an alert containing the document’s cookie. I used the following payload:
"><script>alert(document.cookie)</script>
I inserted this payload into the search input field and performed a search.
As expected, an alert popped up displaying the document’s cookie. This confirmed the presence of an XSS vulnerability in the search function.
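As an added illustration (not the author's code and not the affected site's), the Python below models the pattern in steps 2 and 3: a search page that echoes the q parameter into an input's value attribute and into the results text, first unescaped and then HTML-escaped, with a parser that shows why the probe broke the layout and why the escaped version carries no script element. The template markup is a constructed stand-in.

```python
# Added example (not from the original writeup): model of the reflected
# XSS above. The search page echoes q into an input's value attribute and
# into the results text; the fixed renderer HTML-escapes it (quotes too).
import html
from html.parser import HTMLParser

# Probe and payload exactly as quoted in the writeup.
PROBE = '">'
PAYLOAD = '"><script>alert(document.cookie)</script>'

TEMPLATE = (  # constructed stand-in for the affected page's markup (assumption)
    '<form action="/search">'
    '<input type="text" name="q" value="{q}">'
    '</form>'
    '<p>Results for: {q}</p>'
)

def render_vulnerable(q: str) -> str:
    """Reflects the query verbatim, as the affected page appeared to do."""
    return TEMPLATE.format(q=q)

def render_fixed(q: str) -> str:
    """Escapes & < > " ' before the value reaches the markup."""
    return TEMPLATE.format(q=html.escape(q, quote=True))

class _PageProbe(HTMLParser):
    """Reads the response like a browser: what value did the q input end
    up with, and how many <script> elements does the page now carry?"""

    def __init__(self) -> None:
        super().__init__()
        self.q_value = None
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "q":
            self.q_value = a.get("value")  # '' means the payload closed it
        elif tag == "script":
            self.scripts += 1

def parse_page(page: str):
    """Return (parsed value of the q input, number of <script> tags)."""
    probe = _PageProbe()
    probe.feed(page)
    probe.close()
    return probe.q_value, probe.scripts

if __name__ == "__main__":
    print(parse_page(render_vulnerable(PAYLOAD)), parse_page(render_fixed(PAYLOAD)))
```

With the raw renderer the input's value collapses to an empty string and the page gains two script elements (the attribute position and the results paragraph); with escaping the parsed value is the payload itself and no script element exists.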
Step 4: Reporting the Vulnerability
After verifying the XSS vulnerability, I documented my findings and prepared a straightforward report. The report included the following information:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Recommendations for fixing the issue
I submitted the report to the relevant authorities, highlighting the importance of addressing the vulnerability promptly to prevent malicious exploitation.
Conclusion
Discovering and reporting this XSS vulnerability was an exhilarating experience. It reinforced the importance of thorough input validation and proper security measures, especially on government websites. I am grateful for the recognition and appreciation certificate I received, and I look forward to continuing my journey as a bug hunter.
Disclaimer
This writeup is for educational purposes only. Unauthorized testing or exploitation of vulnerabilities on any website is illegal and unethical. Always obtain proper authorization before conducting any security assessments. Happy Learning!