All about Blind XSS for beginners

InfoSec Write-ups – Medium


I am not an XSS guy, but I just started with blind XSS as I was seeing that many hunters are still getting easy bounties from it. So I just started searching the web for materials and tools to get started with. So I will share my notes, some of the tools, and reports which you can refer to while doing blind XSS.

What is blind XSS?


Blind XSS is a flavor of cross-site scripting (XSS) where the attacker "blindly" deploys a series of payloads on web pages that are likely to save them to a persistent state (such as a database or a log file). It is called blind because the tester never sees the page where the payload is rendered: it fires later, when an internal user such as an administrator or support agent views the stored data, and the tester only learns of it through an out-of-band callback.

Where to look for Blind XSS

1- Review forms
2- Contact Us pages
3- Password fields (you never know whether the other side handles input properly and whether your password is displayed somewhere in view mode)
4- Address fields of e-commerce sites
5- First or Last Name fields while making credit card payments
6- The User-Agent header set to a blind XSS payload. You can do that easily from a proxy such as Burp Suite.
7- Log viewers
8- Feedback pages
9- Chat applications
10- Any app that requires user moderation
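All of the places above share one mechanism: input is stored, and an internal page (a log viewer, an admin panel listing feedback or User-Agents) later renders it as HTML without encoding. The following added example, which is not code from the original post, shows that vulnerable rendering beside its hardened output-encoded form, plus a coarse detection check a defender can run over stored entries. The log entries and function names are constructed assumptions.

```python
import html
import re

# Constructed sample log entries (not from the original post): one ordinary
# User-Agent and one carrying HTML markup, as a tester would send via a proxy.
SAMPLE_LOG = [
    {"ip": "203.0.113.5", "ua": "Mozilla/5.0 (X11; Linux x86_64)"},
    {"ip": "203.0.113.9", "ua": "<script>alert(1)</script>"},
]


def render_log_vulnerable(entries):
    """The pattern blind XSS relies on: stored fields are interpolated
    straight into the admin page, so markup in them becomes live HTML."""
    rows = "".join(
        f"<tr><td>{e['ip']}</td><td>{e['ua']}</td></tr>" for e in entries
    )
    return f"<table>{rows}</table>"


def render_log_safe(entries):
    """Hardened form: HTML-encode every stored field at output time.
    Encoding on output (not on input) protects every viewer of the data."""
    rows = "".join(
        f"<tr><td>{html.escape(e['ip'])}</td><td>{html.escape(e['ua'])}</td></tr>"
        for e in entries
    )
    return f"<table>{rows}</table>"


# Coarse heuristic for stored values that contain HTML tags, inline event
# handlers or javascript: URLs. It is a triage aid for reviewing logs and
# feedback tables, not a substitute for output encoding.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def flag_suspicious(entries):
    """Return the stored entries whose fields look like HTML or script."""
    return [e for e in entries if any(MARKUP_RE.search(str(v)) for v in e.values())]


if __name__ == "__main__":
    print(render_log_vulnerable(SAMPLE_LOG))
    print(render_log_safe(SAMPLE_LOG))
    print(flag_suspicious(SAMPLE_LOG))
```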

For report writing, use the Google dork site:hackerone.com blind xss. You will get many sample reports which you can refer to while writing your own report.

Tools you can use:

1- XSSHunter

2- Burp Collaborator

3- KNOXSS

Thanks for Reading

You can also enroll in my Bug Hunting Training (syllabus: Bugcrowd's VRT book).

For any quick query or to get in touch with me, you can follow me on:

LinkedIn - www.linkedin.com/in/tushars25

Instagram - https://www.instagram.com/th3g3nt3lm4n/

Twitter - https://twitter.com/e11i0t_4lders0n


All about Blind XSS for beginners was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.
