I was surfing the internet when I came across this web portal, http://www.h2biz.net, which I found to be vulnerable to Reflected XSS. So I attempted to make a Stored XSS because I noticed a kind of message board. I created a temporary email for registering on the website, then I completed the registration phase….
I navigated to this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.
Here’s a small #XSS list for manual testing (main cases, high success rate).
"><img src onerror=alert(1)>
Try it on:
– URL query, fragment & path;
– all input fields.
From the BruteLogic Twitter account: https://twitter.com/brutelogic
How I was able to discover a Stored XSS vulnerability in Charitybuzz.com – Binit Ghimire
How I discovered a Stored XSS vulnerability in 1MB.site – Binit Ghimire
How I was able to Discover a Stored Cross-site Scripting (XSS) vulnerability in Flaticon – Binit Ghimire