A month ago I tried to search a programs in bug bounty and I saw a domain web.com and I try ever with a simple dork: site:web.com ext:html.
Tried to search a different extension the most vulnerable is html because in sometimes exist a little javascript and I saw a webpage with a strange description in google.
And when saw the code in the page exist a javascript with a document.write with the parameter “Title” so if change this parameter for a simple XSS can exploit this parameter.
But I thought in this moment this path is very commun and tried to found this path with the tittle in this html in google with a little Dork: inurl:imagelib/sitebuilder/misc/show_image.html intitle:”Site Builder”
BOOM! multiples domains with this XSS if you try to search in Duckduckgo exist a lot of different domain.
Thanks
Regards,
IAVC