CybristerBoy

Hello everyone, This is my second blog of the series " Sharing Is Caring ". What I have learnt until now because of those guys who believe in that 'methodology' :) The site is private, so call it private-site.com. 1- Store XSS using comment body I found that on a private-site.com, the comment body was reflecting on user own profile. So, I started hunting in a way to find something special. After many tried and tested with each and every payload I got nothing. But, I believe in a sentence "There is always a way to bypass" {Thanks to zahid ali  who once said this and proved it on facebook, when bypassed same feature three times} Anyway, I didn't give up and thinking to bypass. Later, an idea clicked on my mind to use payload on second or third line as I have read in other researcher posts. The xss got store when I used my favourite payload <svg/onload=alert(1337)> on the second line of the body. Time spent: 9-10 hours 2- Store XSS usi

Hello everyone, I would like to disclose one of my recent finding in which I was able to get the admin panel on a private program. The program is private, so call it private-site.com. As many researchers believe in recon beforae hunting a target, same this law apply to me. Around two months ago I was invited in a private program, the first step I did to know all about the target. I strongly believe that recon is incomplete without using censys and shodan search engine. I always use it at first whenever choose a target. Same on that day I searched about the private-site.com. I was lucky by using the certificate base query as below https://censys.io/ipv4/help?q=80.https.tls.certificate.parsed.extensions.subject_alt_name.dns_names%3Aprivate-site.com When using the above query i got many open ports. So i directly hit the target with port and thinking something special will come in response. But with all ports i was getting reponse "ERR_CONNECTION_TIMED_OUT&