Amit Kumar Biswas @Amitlt2
2 min read · Apr 2, 2022

SCENARIO OF REFLECTED CROSS-SITE SCRIPTING VULNERABILITY $$$$

Today I’m going to share one of my RXSS Scenarios.

While hunting on an e-commerce website, see what methodology I have been using for hunting these days. A couple of years ago, I relied on automation testing and received a lot of Duplicates & Not Applicable.

Then I started a manual approach using Google dorks, trying to visit each and every parameter and understand the blocks of code.

Suddenly, in my target application, I discovered two parameters where I had to enter my address, so for basic tags I used this: Xss<>

Have a look at the title parameter: the tag was also injected.

Now I opened the Inspect Element tab, and I was shocked that my Xss<> wasn't sanitized properly. Instantly I crafted a payload, which is an image source:

<img src=xss onerror=alert(document.domain)>

As you can see the image source payload is injected.

And always remember, when testing for XSS vulnerabilities, if there are multiple parameters, then test like this:

Parameter 1:

<img src=xss onerror=alert(1)>

Parameter 2:

<img src=xss onerror=alert(2)>

If any parameter is vulnerable, then the pop-up indicates the alert number.
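On the fixing side, the behaviour described above is closed by encoding every reflected value at output time, and the numbered-probe idea works as a regression check that names the parameter still coming back raw. This is an added example, not code from the write-up or the affected site; the function names and the `address` field are assumptions.

```javascript
// Added example; the render* functions and the "address" field name are
// assumptions for illustration, not the affected site's code.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: request values concatenated straight into markup.
function renderUnsafe(p) {
  return `<input name="title" value="${p.title}">` +
         `<p class="address">${p.address}</p>`;
}

// Half-finished fix: one field encoded, the other forgotten.
function renderPartial(p) {
  return `<input name="title" value="${escapeHtml(p.title)}">` +
         `<p class="address">${p.address}</p>`;
}

// Hardened pattern: every reflected value is encoded where it is written out.
function renderSafe(p) {
  return `<input name="title" value="${escapeHtml(p.title)}">` +
         `<p class="address">${escapeHtml(p.address)}</p>`;
}

// Regression check: each parameter gets its own numbered probe (Xss1<>",
// Xss2<>", ...), so a raw reflection identifies exactly which one is unencoded.
function findRawReflections(render, paramNames) {
  const probes = {};
  paramNames.forEach((name, i) => { probes[name] = `Xss${i + 1}<>"`; });
  const html = render(probes);
  return paramNames.filter((name) => html.includes(probes[name]));
}

const FIELDS = ["title", "address"];
// The payload quoted in the write-up, used here only as encoder input.
const PAGE_PAYLOAD = "<img src=xss onerror=alert(document.domain)>";

console.log("unsafe :", findRawReflections(renderUnsafe, FIELDS));
console.log("partial:", findRawReflections(renderPartial, FIELDS));
console.log("safe   :", findRawReflections(renderSafe, FIELDS));
console.log(renderSafe({ title: PAGE_PAYLOAD, address: "x" }));
```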

Reported them and got this

Proof of Concept: (VIDEO)

Youtube: https://youtu.be/-rzi12DHYps

Thanks for taking the time to read my write-up. Share it with your friends, and Like & Follow for more updates.
