How I Found Multiple XSS in Hidden Legacy Pages

Introduction

Finding the vulnerability

  1. Open https://sub.redacted.com/robots.txt
  2. Found a directory named “web-app”
  3. /web-app/ is blank so I tried guessing random files.
  4. /web-app/dashboard.php redirects to /web-app/logout.php
  5. Then I used view-source and found lots of .js files.
  6. .js files contain URLs and lots of parameters 😎
  7. Manually checked all the URLs and parameters (a lot are not working since they are legacy pages). This is to see if any of the parameter values get reflected in the page.
  8. Finally found 2 reflected XSS vulnerabilities (1 authenticated and 1 unauthenticated).
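
For a site owner auditing their own legacy pages, steps 6 to 8 can be reproduced offline as below. This is an added example, not code from the original write-up: the sample script, the file names under /web-app/, the canary string and both function names are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the kind of legacy script a forgotten page might still load.
SAMPLE_JS = '''
var api = "/web-app/report.php?id=1&view=summary";
$.get('/web-app/search.php?q=' + term);
fetch("/web-app/profile.php", {method: "POST"});
var img = "/static/logo.png";
'''

# Quoted string literals that look like site-relative or absolute URLs.
URL_LITERAL = re.compile(r'''["']((?:https?://|/)[^"'\s]+)["']''')


def inventory_endpoints(js_source):
    """Map each referenced path to the set of query parameter names seen with it."""
    endpoints = {}
    for match in URL_LITERAL.finditer(js_source):
        parts = urlsplit(match.group(1))
        params = endpoints.setdefault(parts.path, set())
        # keep_blank_values keeps names such as "q" in "...?q=" + term
        params.update(name for name, _ in parse_qsl(parts.query, keep_blank_values=True))
    return endpoints


def reflection_state(body, canary):
    """Classify how a harmless canary containing < and " appears in a response body."""
    if canary in body:
        return "raw"        # markup characters survive: the output is not encoded
    if html.escape(canary, quote=True) in body:
        return "encoded"    # reflected, but HTML-escaped on output
    return "absent"


if __name__ == "__main__":
    for path, params in sorted(inventory_endpoints(SAMPLE_JS).items()):
        print(path, sorted(params))
    # Constructed response bodies, standing in for what a legacy page returns.
    print(reflection_state('<p>Results for zq<"7x</p>', 'zq<"7x'))
    print(reflection_state('<p>Results for zq&lt;&quot;7x</p>', 'zq<"7x'))
```

Any path in the inventory that no maintained route accounts for is a candidate for removal, and any parameter classified as "raw" needs output encoding on the server side.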

Report Timeline


Future Engineer | Bug Bounty Hunter

Marx Chryz Del Mundo
