HOW RECON HELPED ME TO GET A STORED XSS!

Faiyaz Ahmad
Apr 16, 2022
Reconnaissance in bug bounty is very important!

INTRODUCTION

Hey everyone! I hope you all are doing good. In this article I am going to show you how I was able to find a stored cross-site scripting vulnerability by diving deep into the target.

Before we jump into this article, if you are not familiar with cross-site scripting vulnerabilities, you can check it out here.

First of all, let us talk about what recon is.

In simple terms, it is a way to gather more and more information about your target. Let’s take a simple example:

Suppose you are person A and you have a crush on person B. So normally you will stalk her social media profiles to get more information about what she likes and what she is doing today. You are probably doing this so that you can get to know more about her. This is what reconnaissance is all about.

I hope you understood what reconnaissance is from the above example. But unlike in the example above, your target is going to be a website or an organization.

STORY OF STORED XSS:

I was hunting on a private program that offers a coding platform to its users. (We'll call it Vulnerable Organization.) The first thing I did was visit Crunchbase to find the company's acquisitions. I found that the company has 2 acquisitions (let's say Org1 and Org2). I then searched for Org1 on Crunchbase and found that this company also has one acquisition (let's say Org3). After this, I started manual testing on Org3's website (let's say testing.com). There I found an input field that asks for a name. I passed the value below and clicked on Go:

<img src=x onerror=alert(1)>

After that, I got the following result:

Alert popped up!😁😁😁😁

I reported this vulnerability to the respected company and they offered me the company's swag😇😎
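
The fix for this class of bug, as an added example that is not from the original article or the affected site: the stored name is HTML-encoded at output time, and the vulnerable rendering is shown beside it. The article does not describe how the site rendered the field, so the in-memory store, the greeting template and all function names here are hypothetical.

```javascript
// Added example: constructed stand-in for a "name" field that is stored and later rendered.
const PAYLOAD = '<img src=x onerror=alert(1)>'; // the value submitted in the article

// HTML-encode the characters that are significant in element content and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical in-memory store standing in for the application's database.
const profiles = new Map();
function saveName(userId, name) {
  // Keep the raw value; encoding is applied when rendering, for the context it lands in.
  profiles.set(userId, name);
}

// Vulnerable: the stored value is concatenated into markup unchanged,
// so every later visitor's browser parses it as HTML.
function renderGreetingUnsafe(userId) {
  return '<p class="greeting">Hello, ' + profiles.get(userId) + '</p>';
}

// Hardened: the stored value is encoded before it reaches element content
// or a quoted attribute, so the browser treats it as text.
function renderGreetingSafe(userId) {
  const name = escapeHtml(profiles.get(userId));
  return '<p class="greeting" title="' + name + '">Hello, ' + name + '</p>';
}

// Regression check: the template contains exactly one opening tag (<p>),
// so any additional opening tag in the output came from stored data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

saveName(1, PAYLOAD);
console.log('unsafe:', renderGreetingUnsafe(1), '-> tags:', countOpeningTags(renderGreetingUnsafe(1)));
console.log('safe:  ', renderGreetingSafe(1), '-> tags:', countOpeningTags(renderGreetingSafe(1)));
```

Encoding at output covers HTML body and quoted-attribute contexts only; values placed in URLs, inline scripts or styles need the encoder for that context.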

Takeaways:

  • While recon may seem boring at first, it can become your ultimate hacking weapon that will separate you from the rest of the crowd.
  • Follow the road less traveled.

So, that’s it for this article. I hope you all learnt something new. Let’s meet in another article. Till then,
