Story of a bypassed XSS: Let’s bypass the game

Sank Dahal
2 min read · Jun 1, 2021

Hello everyone, welcome to my new write-up. I hope that you guys are doing great and staying safe in this pandemic situation :)

Starting

So basically, I found this vulnerability back in January, when I was a pure noob (I am still a noob right now). I didn’t know shit about recon stuff at that time, and all I had was my mom’s phone. So I decided to target the website, and here is the story of the XSS ;)

Story

It was a beautiful Friday and I was hunting on a platform. At that time I only had a phone, so all I could do was look for XSS. As I mentioned earlier, I didn’t know shit about recon and sub-domain gathering at that time, so I hunted on the main page. I noticed there was a search box in the top-right corner. I entered some string just to see whether it was reflected, and it was. So I tried "><script>confirm(0)</script> to get an alert, but sadly I got an access denied page :( I tested many simple payloads and got the same response from the page. So I went to sleep, because I was hunting at 11:00 pm.

Next Day

On a beautiful Saturday morning, I was surfing YouTube and watched some videos by “Suvam Cybersec”. In the description of his video he linked a video by “R,ando”. I checked that channel and saw a video titled “Access denied bypass — XSS”, and I was like WOOOOOOOOOOOOOOOOOO

Attack

So, I found the payload </title><! →<svg onload%3Dlocation=loc%26%2397;tion.h%26%2397;sh.subst%26%23114;%26lpar;1)>#javascript:alert(document.domain) and pasted it into the search field of target.com, and the XSS popped. I was like
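As an added illustration (not part of the original write-up), the script below shows why a server-side filter that only scans the raw query string misses this payload, and what a defender has to do to see it: the part after # is a URL fragment that browsers never send to the server, and the onload attribute hides location.hash behind percent-encoding plus HTML numeric and named entities (&#97;, &lpar;), which the browser decodes but a naive filter does not. The token list and the decoding helper are assumptions for the demo, not anything from the target’s WAF.

```python
import html
from urllib.parse import unquote

# The payload from the write-up, exactly as it would be typed into the search box.
PAYLOAD = ("</title><! →<svg onload%3Dlocation=loc%26%2397;tion.h%26%2397;"
           "sh.subst%26%23114;%26lpar;1)>#javascript:alert(document.domain)")

# Constructed for the demo: tokens a simple server-side filter might look for.
TOKENS = ("onload=", "location.hash", "javascript:")


def server_visible(value: str) -> str:
    """Browsers strip the '#fragment' before sending the request, so a
    server-side filter (or WAF) only ever sees the text before '#'."""
    return value.split("#", 1)[0]


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode, then decode HTML entities, repeating until the value
    stops changing. This approximates what the browser's HTML parser sees
    inside the attribute value."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def matches(value: str) -> list:
    """Case-insensitive substring check, the way a naive filter would do it."""
    low = value.lower()
    return [t for t in TOKENS if t in low]


if __name__ == "__main__":
    raw = server_visible(PAYLOAD)
    print("raw server view   :", raw, "->", matches(raw))
    print("normalized view   :", normalize(raw), "->", matches(normalize(raw)))
```

Only the normalized view exposes onload= and location.hash; javascript: never reaches the server at all, so a filter that keys on that string alone cannot block this class of payload.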

Keep learning,
