InfoSec Write-ups – Medium
I am not an XSS guy, but I just started with blind XSS because I was seeing that many hunters are getting easy bounties from it even now. So I started searching the web for materials and tools to get started with. Here I will share my notes, plus some of the tools and reports that you can refer to while doing blind XSS.
What is blind XSS?
Blind XSS is a flavor of cross-site scripting (XSS), where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or in a log file).
Where to look for blind XSS
1- Review forms
2- Contact Us pages
3- Passwords (you never know whether the other side fails to handle input properly and shows your password in view mode)
4- Address fields of e-commerce sites
5- First or Last Name field while doing Credit Card Payments
6- Set the User-Agent header to a blind XSS payload. You can do that easily from a proxy such as Burp Suite.
7- Log Viewers
8- Feedback Page
9- Chat Applications
10- Any app that requires user moderation
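Most of the places listed above share one pattern: a value stored from a request (a User-Agent header, a name, feedback text) is later rendered in a back-office page such as a log viewer or moderation queue. The block below is an added example, not code from the original post, showing that rendering step in a hypothetical log viewer with the vulnerable and the output-encoded version side by side; the record fields, function names, sample data and CSP value are all assumptions made for illustration.

```javascript
// Added example: hypothetical back-office log viewer; every name here is illustrative.

// Constructed sample records, as a request logger might have stored them.
const storedRequests = [
  { ip: "203.0.113.7", path: "/contact", userAgent: "Mozilla/5.0 (X11; Linux x86_64)" },
  { ip: "198.51.100.9", path: "/feedback",
    userAgent: '"><script src="https://collector.invalid/probe.js"></script>' },
];

// Encode the characters that let text break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored fields are concatenated straight into markup, so the
// browser of the staff member viewing the log parses them as HTML.
function renderRowUnsafe(r) {
  return `<tr><td>${r.ip}</td><td>${r.path}</td><td title="${r.userAgent}">${r.userAgent}</td></tr>`;
}

// Hardened: every stored field is encoded at output time, including the one
// placed inside an attribute, so it is displayed as text and never executed.
function renderRowSafe(r) {
  const ua = escapeHtml(r.userAgent);
  return `<tr><td>${escapeHtml(r.ip)}</td><td>${escapeHtml(r.path)}</td><td title="${ua}">${ua}</td></tr>`;
}

// Triage helper: find already-stored records whose fields contain markup
// characters, so existing data can be reviewed after the viewer is fixed.
function recordsWithMarkup(records) {
  return records.filter((r) => Object.values(r).some((v) => /[<>"]/.test(String(v))));
}

// Second layer for the viewer's responses: a Content-Security-Policy that
// refuses inline and third-party scripts even if an encoding step is missed.
const VIEWER_CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

console.log(renderRowSafe(storedRequests[1]));
console.log(recordsWithMarkup(storedRequests).map((r) => r.ip));
```

Encoding happens at render time rather than at write time, so records stored before the fix are covered as well.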
For report writing, use this Google dork: site:hackerone.com blind xss (you will get many sample reports that you can refer to while writing a report)
Tools you can use:-
Thanks for Reading