How I found XSS on Admin Page without login!
Introduction
In the name of God, the Most Gracious, the Most Merciful
Hello Awesome Hackers, this is my first Write-Up on a Real Target; I will explain how Fuzzing helped me get an XSS on an Admin Page in just 1 minute!
Approaching
I do Bug Bounty Hunting on Open-Source Projects, as I like doing this and giving back to these projects and their community!
So I chose an application running PHP, as I can understand its code!
I began by collecting subdomains and endpoints to map the full application and get a full picture of how it works and what its capabilities are!
Interesting Endpoint
When checking the collected results, I actually go through them with CTRL+F to find interesting keywords like admin, panel, dev, internal, etc.
While doing this, I found this link:
https://redacted.redacted.com/admin/login
I tried some dumb default passwords and SQLi payloads, with no successful login or bypass!
Fuzzing
So I started fuzzing with Arjun to find any parameter, and when I did this I got a really helpful error 🤓
Arjun surfaced a helpful error, and as I didn't skip it, let's try combining it into the full URL, then injecting an XSS payload!
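From the defender's side, the same two signals the write-up relied on (one client trying many parameter names on one path, and one parameter name producing a response of a different size) are visible in plain web-server access logs. The following is an added example, not code from the write-up or from Arjun: it parses a handful of constructed Apache/nginx-style log lines (the IPs, timestamps and sizes are made up) and reports both signals.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from the original write-up): one client
# probes /admin/login with many different parameter names, a second client is a
# normal visitor. The 530-byte response for ?perspective= is the "different
# answer" that parameter-discovery tooling keys on.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/login?id=1 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/login?user=1 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /admin/login?page=1 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /admin/login?perspective=1 HTTP/1.1" 200 530
203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /admin/login?debug=1 HTTP/1.1" 200 512
203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /admin/login?lang=1 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /admin/login HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /admin/login HTTP/1.1" 302 0
"""

# Common Log Format: ip ident user [time] "method target protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line):
    """Split one log line into ip, method, path, parameter names, status and size."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "path": parts.path,
        "params": set(parse_qs(parts.query, keep_blank_values=True)),
        "status": int(m.group("status")),
        "size": int(m.group("size")),
    }


def find_parameter_fuzzing(log_text, path="/admin/login", threshold=5):
    """Clients that tried at least `threshold` distinct query parameter names on `path`."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] == path:
            names[rec["ip"]] |= rec["params"]
    return {ip: sorted(n) for ip, n in names.items() if len(n) >= threshold}


def odd_response_sizes(log_text, path="/admin/login"):
    """Parameter names whose 200 response size differs from the path's usual size.

    A size that deviates from the baseline is a cheap hint that the parameter
    is read by the application (for example, reflected into the page).
    """
    recs = [r for r in (parse_line(l) for l in log_text.splitlines())
            if r and r["path"] == path and r["method"] == "GET" and r["status"] == 200]
    if not recs:
        return {}
    baseline = Counter(r["size"] for r in recs).most_common(1)[0][0]
    return {name: r["size"] for r in recs if r["size"] != baseline for name in r["params"]}


if __name__ == "__main__":
    print(find_parameter_fuzzing(SAMPLE_LOG))
    print(odd_response_sizes(SAMPLE_LOG))
```

On real logs the threshold and the baseline need tuning per path (a login page that legitimately accepts a couple of parameters will still show a stable size for its normal responses), but a single client cycling through dozens of parameter names on an admin endpoint is worth an alert on its own.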
Exploitation
The full URL with the Payload becomes:
https://redacted.redacted.com/admin/login?perspective=asdf1234
After submitting and viewing the source code, the URL with the payload became:
https://redacted.redacted.com/admin/login?perspective=asdf"onload%3d"alert('Slax Was Here!')"asdf
SUBMITTING!!
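The payload only works because the value of `perspective` is written into the HTML verbatim, so a double quote inside it closes the attribute and `onload=` starts a new one. The following is an added example, not the write-up's or the application's code: it takes the exact URL from the write-up, models the reflection with a constructed template (the real context of the reflection is not stated in the write-up; a quoted `class` attribute on `<body>` is assumed), and shows the vulnerable rendering beside the fixed one, which is the equivalent of `htmlspecialchars($value, ENT_QUOTES)` in PHP.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# The URL from the write-up, carrying the reflected parameter value.
PAYLOAD_URL = ("https://redacted.redacted.com/admin/login"
               "?perspective=asdf\"onload%3d\"alert('Slax Was Here!')\"asdf")


def perspective_from_url(url):
    """Return the decoded query value as the application would see it in $_GET."""
    return parse_qs(urlsplit(url).query)["perspective"][0]


def render_unsafe(value):
    # Hypothetical vulnerable template (assumed, not from the write-up):
    # the raw value is dropped straight into a quoted attribute.
    return f'<body class="{value}">'


def render_safe(value):
    # Same template with attribute-context escaping: quotes become &quot; / &#x27;,
    # so the value can never terminate the attribute it sits in.
    return f'<body class="{html.escape(value, quote=True)}">'


# Simple check for an event-handler attribute that opens a quoted value
# (onload="…", onerror='…'). Escaped output never matches because the
# character after "=" is "&", not a quote.
HANDLER_RE = re.compile(r'\bon\w+\s*=\s*["\']', re.IGNORECASE)


def has_injected_handler(markup):
    """True if the markup contains an on*="..." event-handler attribute."""
    return HANDLER_RE.search(markup) is not None


if __name__ == "__main__":
    value = perspective_from_url(PAYLOAD_URL)
    print("reflected value :", value)
    print("unsafe markup   :", render_unsafe(value), has_injected_handler(render_unsafe(value)))
    print("safe markup     :", render_safe(value), has_injected_handler(render_safe(value)))
```

Escaping must match the output context: `html.escape` with `quote=True` is right for a double- or single-quoted attribute value, but it does not make a value safe inside an unquoted attribute, a `<script>` block or a URL attribute such as `href`, where a different encoder (or not reflecting the value at all) is needed.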
Wrapping Up
Remember the one rule
“Fuzzing, Fuzzing, Fuzzingggg”
I hope you guys enjoyed the Write-Up, See you on the Other one!