How I found 29 stored XSS in a modern framework
XSS is one of the most common vulnerabilities. It is easy for a beginner to learn, but in modern applications it becomes hard to find and exploit. In this article I will share my story of how I was able to find a lot of XSS in modern applications.
I got a private program on Intigriti 3 months ago. When I looked at the overall stats, 78 submissions had already been made by other researchers.
I decided to test the application and put all my payloads into each and every endpoint, like comments, name fields and other endpoints.
Most applications implement input validation as the first line of defence. They filter common HTML metacharacters such as angle brackets (< >) and the script tag, so firing payloads blindly generally does not work. I failed to get XSS on any endpoint.
I put these three payloads into each and every endpoint.
"style="position:fixed;top:0;left:0;border:999em solid green;" onmouseover="alert(document.domain)"
{{_c.constructor('alert(1)')()}}
{{constructor.constructor('alert(1)')()}}
XSS on First name, Surname, Info text
When I entered these payloads and saved, I didn’t get any pop-up on the screen; then I refreshed the page and got a pop-up on my screen with a green background.
I spent 3 months on this program and found 29 stored XSS and 20 IDORs.
Because this was a private program, I can’t disclose the other endpoints. After 3 months, I hit the leaderboard and now I am in first position.
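To make the defence point concrete, here is an added JavaScript example. It is mine, not the author's and not code from the tested program. It assumes a hypothetical blocklist filter of the kind described above (strips angle brackets and the word "script") and contrasts it with context-aware encoding for a value that lands in a double-quoted attribute; the field name, function names and renderer are my own. The attribute-breaking payload from the article contains no angle brackets, so the blocklist passes it unchanged and the rendered tag gains attacker-controlled style and onmouseover attributes, while the encoder keeps the whole string inside the value attribute. The two {{...}} payloads are AngularJS interpolation expressions; HTML encoding does not neutralise them, because the browser decodes character references back to text before the framework interpolates, so the example only flags them for review.

```javascript
// Added example (not code from the article or from the tested application).
// It contrasts the blocklist filter the article describes with context-aware
// output encoding, using the article's own payloads as constructed input.

// Hypothetical blocklist filter: removes angle brackets and the word "script".
function naiveFilter(input) {
  return String(input).replace(/[<>]/g, "").replace(/script/gi, "");
}

// Encoder for data placed inside a double-quoted HTML attribute (also safe in
// HTML text content): every character that could close the attribute or start
// markup becomes a character reference, so the browser keeps it as data.
function encodeForHtmlAttribute(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "`": "&#96;" };
  return String(input).replace(/[&<>"'`]/g, (c) => map[c]);
}

// Hypothetical profile-form renderer: the stored first name lands in a value="" attribute.
function renderNameField(storedName, transform) {
  return `<input name="firstname" value="${transform(storedName)}">`;
}

// Lists the attribute names of one rendered tag. A simplified tokenizer for
// double-quoted attributes, enough to show what the browser would see; not a parser.
function attributeNames(tagHtml) {
  const names = [];
  const re = /([A-Za-z_:][\w:.-]*)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tagHtml)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// Detection helper for a review/logging pipeline: flags input that looks like a
// client-side template expression. Encoding does not neutralise these, because
// the browser decodes references back to text before a framework such as
// AngularJS interpolates it, so the remedy is keeping such data out of templates.
function looksLikeTemplateExpression(input) {
  return /\{\{[\s\S]*\}\}/.test(String(input));
}

// Constructed sample inputs: the three payloads quoted in the article.
const ATTRIBUTE_PAYLOAD =
  '"style="position:fixed;top:0;left:0;border:999em solid green;" onmouseover="alert(document.domain)"';
const TEMPLATE_PAYLOADS = [
  "{{_c.constructor('alert(1)')()}}",
  "{{constructor.constructor('alert(1)')()}}",
];

// Renders the same stored value both ways and reports the attributes the browser sees.
function compareRenderings(storedName) {
  return {
    blocklist: attributeNames(renderNameField(storedName, naiveFilter)),
    encoded: attributeNames(renderNameField(storedName, encodeForHtmlAttribute)),
  };
}

console.log("attributes seen by the browser:", compareRenderings(ATTRIBUTE_PAYLOAD));
for (const p of TEMPLATE_PAYLOADS) {
  console.log("blocklist passes unchanged:", naiveFilter(p) === p,
    "| flagged as template expression:", looksLikeTemplateExpression(p));
}
```

The encoder covers only the attribute and text contexts; data placed into a URL, a script block or a stylesheet needs the encoding for that context. For the template-style input the fix is not a character filter but keeping user data out of anything the client-side framework compiles, for example by binding it as plain text or, in AngularJS, marking the element with ng-non-bindable.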
Bug bounty tips:
- Deep dive into the application's functionality.
- Put your payload into each and every endpoint.
- Understand the application's defence mechanism.