The Story Of A Sweet XSS
Hi wonderful ppl, hope you are doing good. This Gnana Aravind with another write-up. As I was busy with some personal stuffs, I was not able to be consistent here. So here we gonna make a short discussion about a recent finding of sweet XSS. I appreciate my friend Centurion for this finding. Okay lets get deep dived.
About the Bug
So the target was an academy site which had a comment session. As I found an XSS already in the website, I thought of testing XSS in every end points. So the steps I followed are as simple as this.
- Go to comment section of any course in sub.domain.com
2. Click add Question/Comment and Enter the Payload:
<img src=x onerror=alert(document.domain)> or <script>alert(document.domain)</script> on Question title Tag and click Post question
3. Now edit the comment and click save.
WHOOLA ! A sweet XSS is triggered here. Never get tired of hunting bugs, stay consistent and keep working hard. Bug Bounty = smart work + luck, as of my experience. Am in an idea to provide Bug Bounty Tips and More Hacking Tips in my Twitter handle. Do follow and support there -> @gnana_aravind07.
See you in another blog guys, stay safe and keep hacking.
#infosec #bugbounty #cybersecurity