How did I find Reflected XSS on a university website?
Hello, my name is Mohammad Hossein Nouri. I am a Cybersecurity expert and Web Penetration Tester. This is my first post on Medium, and I am glad to share my experiences with cybersecurity on this platform.
Last night, I was working on my Penetration Testing project, and I discovered a straightforward XSS vulnerability. Because it’s a website associated with a prominent university, I decided to share my findings on Medium.
One of the phases I incorporate into my penetration testing process involves utilizing a vulnerability scanner, and in this particular case, I employ Nuclei.
In the initial step, I execute Nuclei on the target, focusing specifically on the XSS tag with the command below.
nuclei -u https://target.ac.com/gateway/Authenticate.php -tags xss
Nuclei reveals the injectable location, and I search for the reflected place in the source code.
I attempted to escape the code to inject my XSS payload. The final payload is like the code below.
https://site.ac.com/gateway/Authenticate.php/a'"></script><script>alert("xss")</script>
Finally, the alert popped up on the screen, proving that my XSS payload was successfully injected.
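Why a path suffix like the one above executes, and how context-aware encoding closes it, shown as an added example that is not code from the original post or from the target site. The template, the two reflection contexts and the function names are assumptions, since the post does not show the server-side code; the path is the one from the post's final URL.

```python
import html
import json
from html.parser import HTMLParser

# Constructed template (assumption: the real page source is not shown in the post).
# The request path is reflected in an attribute and in an inline script string.
TEMPLATE = (
    '<form action="{attr}" method="post"></form>\n'
    '<script>var page = {js};</script>\n'
)

# Path taken from the post's final URL.
PAYLOAD_PATH = '/gateway/Authenticate.php/a\'"></script><script>alert("xss")</script>'


def render_unsafe(path: str) -> str:
    """Reflect the path verbatim, as a vulnerable page would."""
    return TEMPLATE.format(attr=path, js="'" + path + "'")


def render_safe(path: str) -> str:
    """Encode per context: HTML attribute escaping and a JS string literal."""
    attr = html.escape(path, quote=True)
    # json.dumps yields a valid JS string; escaping "<" keeps "</script>"
    # inside the data from ending the script block early.
    js = json.dumps(path).replace("<", "\\u003c")
    return TEMPLATE.format(attr=attr, js=js)


class ScriptCounter(HTMLParser):
    """Counts <script> start tags seen by an HTML tokenizer."""

    def __init__(self):
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_count(page: str) -> int:
    """Return how many script elements the rendered page contains."""
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts
```

The template itself has one script element, so any count above one on a rendered page means reflected input became markup; the same check works as a regression test after the fix.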
That was my journey to find the XSS vulnerability on that target. I hope it was useful for you.
You can find me on LinkedIn and Instagram.
Good luck!