ᴍͥᴏᴇͣɪͫɴ
https://x.com/_indexe/status/1959059872596595088?s=46
Good trick 😆
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from BugBounty & Hacking Resources (Meydi)
🔥3
Forwarded from m4st3rm1nd
XSS Writeups and reports
#xss
#writeup
#report
1-RXSS
https://medium.com/@Bishoo97x/bug-bounty-writeups-exploiting-cross-site-noscripting-xss-5dde1473af3f
2-Reflected XSS:
https://medium.com/@heyrm/writeup-discovering-and-exploiting-xss-vulnerabilities-my-first-bug-hunting-reward-0dfb0ebfd6aa
3-RXSS
BurpSuite Intruder
https://kingcoolvikas.medium.com/how-i-found-my-first-xss-on-a-bug-bounty-program-c41107617ce1
4-RXSS , close "</noscript>" tag
https://infosecwriteups.com/my-latest-xss-finding-explained-to-beginners-bug-bounty-8674fa3626e7
5-XSS WAF & Character limitation bypass
https://infosecwriteups.com/xss-waf-character-limitation-bypass-like-a-boss-2c788647c229
6-RXSS
https://decode.novr.one/yeah-i-got-p2-in-1-minute-stored-xss-via-markdown-editor-7872dba3f158
7-RXSS
https://medium.com/@sM0ky4/xss-heres-how-i-got-my-first-bounty-4f64785fe6f8
8-RXSS , Waf Bypass
https://medium.com/@Thigh_GoD/finding-reflected-xss-waf-bypass-as-my-first-bug-b79671f40de2
*9-Self-XSS + CSRF => stored xss
https://medium.com/@renwa/self-xss-csrf-to-stored-xss-54f9f423a7f1
10-self XSS to account takeover
https://medium.com/@behnam.yazdanpanah/chaining-bugs-from-self-xss-to-account-takeover-82d572136bdf
*11-CSRF vulnerability to turn self XSS
https://infosecwriteups.com/how-i-leveraged-an-interesting-csrf-vulnerability-to-turn-self-xss-into-a-persistent-attack-b780824042d2
*12-stored XSS in chat support
https://mehedishakeel.medium.com/cross-site-noscripting-xss-my-fifth-finding-on-hackerone-b879c5b84736
*13-Reflected XSS , cloudflare WAF bypass
https://medium.com/@Thigh_GoD/finding-reflected-xss-waf-bypass-as-my-first-bug-b79671f40de2
*14-Stored XSS In Google
https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36
15-Stored XSS Vulnerability WAF Bypass
https://readmedium.com/en/https:/lopseg.medium.com/bug-bounty-writeup-stored-xss-vulnerability-waf-bypass-f38aae7ff9eb
16-Blind XSS , WAF Bypass
https://medium.com/@dirtycoder0124/blind-xss-a-mind-game-to-win-the-battle-4fc67c524678?
*17-DOM XSS in Login Page(redirect parameter in URL)
https://readmedium.com/en/https:/lopseg.medium.com/cross-site-noscripting-dom-on-login-page-a2e273b1c6f6
*18-DOM XSS in Hidden parameter
https://medium.com/@YourFinalSin/simple-but-elegant-dom-xss-on-hidden-parameter-bypassing-filter-ab58ca1e6135
#xss
#writeup
#report
1-RXSS
https://medium.com/@Bishoo97x/bug-bounty-writeups-exploiting-cross-site-noscripting-xss-5dde1473af3f
2-Reflected XSS:
https://medium.com/@heyrm/writeup-discovering-and-exploiting-xss-vulnerabilities-my-first-bug-hunting-reward-0dfb0ebfd6aa
3-RXSS
BurpSuite Intruder
https://kingcoolvikas.medium.com/how-i-found-my-first-xss-on-a-bug-bounty-program-c41107617ce1
4-RXSS , close "</noscript>" tag
https://infosecwriteups.com/my-latest-xss-finding-explained-to-beginners-bug-bounty-8674fa3626e7
5-XSS WAF & Character limitation bypass
https://infosecwriteups.com/xss-waf-character-limitation-bypass-like-a-boss-2c788647c229
6-RXSS
https://decode.novr.one/yeah-i-got-p2-in-1-minute-stored-xss-via-markdown-editor-7872dba3f158
7-RXSS
https://medium.com/@sM0ky4/xss-heres-how-i-got-my-first-bounty-4f64785fe6f8
8-RXSS , Waf Bypass
https://medium.com/@Thigh_GoD/finding-reflected-xss-waf-bypass-as-my-first-bug-b79671f40de2
*9-Self-XSS + CSRF => stored xss
https://medium.com/@renwa/self-xss-csrf-to-stored-xss-54f9f423a7f1
10-self XSS to account takeover
https://medium.com/@behnam.yazdanpanah/chaining-bugs-from-self-xss-to-account-takeover-82d572136bdf
*11-CSRF vulnerability to turn self XSS
https://infosecwriteups.com/how-i-leveraged-an-interesting-csrf-vulnerability-to-turn-self-xss-into-a-persistent-attack-b780824042d2
*12-stored XSS in chat support
https://mehedishakeel.medium.com/cross-site-noscripting-xss-my-fifth-finding-on-hackerone-b879c5b84736
*13-Reflected XSS , cloudflare WAF bypass
https://medium.com/@Thigh_GoD/finding-reflected-xss-waf-bypass-as-my-first-bug-b79671f40de2
*14-Stored XSS In Google
https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36
15-Stored XSS Vulnerability WAF Bypass
https://readmedium.com/en/https:/lopseg.medium.com/bug-bounty-writeup-stored-xss-vulnerability-waf-bypass-f38aae7ff9eb
16-Blind XSS , WAF Bypass
https://medium.com/@dirtycoder0124/blind-xss-a-mind-game-to-win-the-battle-4fc67c524678?
*17-DOM XSS in Login Page(redirect parameter in URL)
https://readmedium.com/en/https:/lopseg.medium.com/cross-site-noscripting-dom-on-login-page-a2e273b1c6f6
*18-DOM XSS in Hidden parameter
https://medium.com/@YourFinalSin/simple-but-elegant-dom-xss-on-hidden-parameter-bypassing-filter-ab58ca1e6135
Medium
[Bug Bounty Writeups] Exploiting Cross Site Scripting XSS
This Writeup shows how important it is to test every single input field on any Website even if it is just a form. So let us start :)
❤3🔥2👏2❤🔥1