Stealing your data using XSS


Hello peeps

This article is all about utilizing my lock-down time in finding bugs under a private program whose name has to be redacted here. █████’s program has been active for years, with a list of professional & responsible hackers named in their *Hall Of Fame* up to this year. Still, I managed to find multiple XSS and escalated the impact of one XSS to sensitive data stealing. So let’s get started 🤙.

Note: This article aims to help newcomers understand impact escalation and gain in-depth knowledge of XSS vulnerabilities.

Timeline:

14.04.2020

Turned on machine, started active + passive discovery of domains and all in-scope assets of █████. Used many tools like _Sublist3r, Amass, findomain, subfinder, etc._ At last I merged all outputs and made one list.

I believe less in automation testing and laziness 🙃 so I sorted the list and probed them all. Visited each domain one-by-one and ffufed domains which seemed potentially juicy to me. This game goes on.

17.04.2020

After 2 days of manually doing everything, for a domain I got a good list of endpoints using waybackurls, used Arjun to find valid parameters and then got a beautiful reflection.
