XSS Challenge Hosted by bugpoc.com
2021-06-10 08:46:39 Author: infosecwriteups.com

Ali TÜTÜNCÜ

Hello there,

In this article, I will share how I got an alert on my target. It was http://dogs.buggywebsite.com/.

I visited the website and saw a search bar. I thought XSS is there!

I tried to search for something, so I wrote “A”. It listed dog breeds that start with “A”. Response:

Something caught my attention. I couldn’t see any parameter in the URL. Interesting! Then I tried to list the subdomains to maybe get more information, but I saw it has only two subdomains:

I wanted to check the request and response when I search for a text. I opened Burp Suite and put “A” in the search box. Request & Response:

It was a normal JSON response (Content-Type: application/json). If I want to get the alert, it must be text/html! I tried to change the Accept header to text/html (it was application/json).

And the Content-Type changed to text/html, successfully. Yay! The next step is getting the domain name via alert. I tried a simple payload: <script>alert(document.domain)</script>

And boom, P1! Haha :D. Successfully exploited. I created a PoC using https://bugpoc.com/.

Here is the poc code: https://pastebin.com/7nZvm6Cv
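
For defenders, the root cause described above (the response Content-Type follows the request's Accept header) is shown below next to a hardened handler. This is an added example, not code from the original article or from the challenge site; the function names, the BREEDS sample data and the assumption that the search term is echoed in the JSON body are constructed for illustration.

```javascript
// Added example. Function names and BREEDS are constructed for illustration.
const BREEDS = ["Affenpinscher", "Akita", "Beagle"];
const PINNED = {
  "Content-Type": "application/json; charset=utf-8",
  "X-Content-Type-Options": "nosniff",
};

function search(query) {
  const q = String(query);
  const results = BREEDS.filter((b) => b.toLowerCase().startsWith(q.toLowerCase()));
  return { query: q, results }; // assumption: the search term is echoed back
}

// Behaviour described in the article: Content-Type follows the Accept header.
function respondVulnerable(accept, query) {
  const type = (accept || "application/json").split(",")[0].trim();
  return { status: 200, headers: { "Content-Type": type }, body: JSON.stringify(search(query)) };
}

// JSON.stringify leaves <, > and & as-is; \uXXXX escapes keep the JSON valid
// while removing characters an HTML parser would act on.
function escapeJson(json) {
  return json.replace(/[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hardened: the type is fixed server-side; Accept can only cause a 406.
function respondHardened(accept, query) {
  const wanted = (accept || "*/*").split(",").map((t) => t.split(";")[0].trim().toLowerCase());
  const ok = wanted.some((t) => ["application/json", "application/*", "*/*"].includes(t));
  if (!ok) {
    return { status: 406, headers: PINNED, body: JSON.stringify({ error: "not acceptable" }) };
  }
  return { status: 200, headers: PINNED, body: escapeJson(JSON.stringify(search(query))) };
}

// True when a browser would treat the body as HTML and find markup in it.
function rendersMarkup(res) {
  return res.headers["Content-Type"].toLowerCase().startsWith("text/html") && res.body.includes("<");
}
```

The hardened handler never lets a request header choose the response type, and the escaped body still parses to the same JSON value for legitimate clients.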

I hope you had fun reading this. If you want, you can follow me on my social accounts:

https://twitter.com/alicanact60

You can also follow https://bugpoc.com’s Twitter account:

https://twitter.com/bugpoc_official


Article source: https://infosecwriteups.com/xss-challenge-which-hosted-by-bugpoc-com-8afcb7e022de?source=rss----7b722bfd1b8d--bug_bounty