InfoSec Write-ups – Medium

I am not an XSS guy, but I just started with blind XSS because I was seeing that many hunters are still getting easy bounties from it. So I started searching the web for materials and tools to get started with. Here I will share my notes, some of the tools, and reports that you can refer to while doing blind XSS.
What is blind XSS?

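Blind XSS is a flavor of cross-site scripting (XSS) in which the attacker “blindly” submits a series of malicious payloads to web pages that are likely to save them to a persistent state (for example, in a database or a log file). The attacker never sees the page where the stored payload is eventually rendered, which is typically an internal view such as an admin panel or log viewer, hence “blind”.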
Where to look for Blind XSS:
1- Review forms
2- Contact Us pages
3- Passwords (you never know whether the other side fails to handle input properly and shows your password in view mode)
4- Address fields of e-commerce sites
5- First or last name fields in credit card payment forms
6- The User-Agent header, set to a blind XSS payload. You can do that easily from a proxy such as Burp Suite.
7- Log viewers
8- Feedback pages
9- Chat applications
10- Any app that requires user moderation
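What these locations have in common is that the submitted value is stored and later rendered in an internal page such as a log viewer, moderation queue or support panel. The following is an added example, not code from the original post, showing that rendering step in a hypothetical admin log viewer with and without output encoding, plus a heuristic check over stored records; all function names and record data are constructed for illustration.

```javascript
// Added example: a back-office log viewer rendering stored request fields.
// Function names and sample records are constructed, not from the post.

// Constructed records, as a moderation panel or log viewer might load them.
const records = [
  { id: 1, name: "Alice", userAgent: "Mozilla/5.0 (X11; Linux x86_64)" },
  { id: 2, name: "Bob", userAgent: "Mozilla/5.0 <script>/* constructed marker */</script>" },
  { id: 3, name: '<img src=x onerror="/* constructed marker */">', userAgent: "curl/8.0" },
];

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a stored value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored fields are concatenated into the admin page as markup.
function renderRowUnsafe(r) {
  return `<tr><td>${r.id}</td><td>${r.name}</td><td>${r.userAgent}</td></tr>`;
}

// Hardened: every stored field is encoded at output time, whatever its source
// (form field, header, chat message).
function renderRowSafe(r) {
  const cells = [r.id, r.name, r.userAgent].map((v) => `<td>${escapeHtml(v)}</td>`);
  return `<tr>${cells.join("")}</tr>`;
}

// Heuristic triage: flag string fields in stored records that contain a tag
// opener, an inline event handler or a javascript: URL, for manual review.
function findSuspectFields(rows) {
  const pattern = /<\s*[a-z!\/]|\bon[a-z]+\s*=|javascript:/i;
  const hits = [];
  for (const row of rows) {
    for (const [field, value] of Object.entries(row)) {
      if (typeof value === "string" && pattern.test(value)) hits.push({ id: row.id, field });
    }
  }
  return hits;
}

console.log(renderRowSafe(records[1]));
console.log(findSuspectFields(records));
```

The triage function only helps review data that is already stored; the encoding in `renderRowSafe` is what stops the stored value from being interpreted as markup.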
For report writing, use this Google dork: site:hackerone.com blind xss. It returns many sample reports that you can refer to while writing your own.
Tools you can use:
2- Burp Collaborator
3- KNOXSS
Thanks for reading.
You can also enroll in my Bug Hunting Training (syllabus: Bugcrowd’s VRT Book).
For any quick query or to get in touch with me, you can follow me on:
LinkedIn- www.linkedin.com/in/tushars25
Instagram- https://www.instagram.com/th3g3nt3lm4n/
Twitter- https://twitter.com/e11i0t_4lders0n
All about Blind XSS for beginners was originally published in InfoSec Write-ups on Medium.