How I escalated a P5 to a P3

Self-XSS to exploitable XSS

ABDELKARIM MOUCHQUELITA
2 min read · Aug 18, 2023

Introduction

Greetings, cyber adventurers! Today, I’m thrilled to share my journey of turning a harmless self XSS vulnerability into a powerful exploitable XSS. Get ready to explore the world of web security with me and discover how persistence and a little creativity can lead to big wins.

The Start

I stumbled upon an interesting domain, target.com/target_insights/ , during my online escapades. Excited to dig deeper, I decided to investigate.

I attempted to inject JS into the blog search field using a very basic payload:

"><img src=x onerror=alert(2)>

Excitingly, the payload worked, and the alert popped up as expected. But there was a twist.

The Surprise

Checking the URL, I noticed that there were no GET parameters; it was a POST request. This meant it was just a self-XSS.

I couldn’t report my findings without finding a CSRF.

The Clever Move

Refusing to give up, I called upon my trusty companion, Burp Suite. Intercepting the request, I studied its every aspect. No XSRF headers or parameters in sight — a glimmer of hope!

With a plan in mind, I used a Burp extension to create a CSRF PoC. Injecting my potent XSS payload into the PoC, I eagerly put it to the test in my browser.

A grin spread across my face as the exploit worked like a charm. The once ordinary search field had become a launchpad, propelling my discovery from a P5 bug to a prized P3 status.
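As an added illustration (my own example, not the author's code or the target's), here is why a POST-only search field is still exploitable when nothing ties the request to the victim's session: the vulnerable handler reflects the query unencoded and accepts any cross-site form post, while the hardened handler rejects requests whose Origin does not match the site, requires a per-session CSRF token, and HTML-encodes the reflected value. The function names and the q/csrf_token field names are assumptions; the payload is the one from the post.

```python
import html
import hmac
import secrets

# Constructed example of a blog search endpoint that reflects the query
# back into the page. This is the pattern the write-up describes.
def render_search_vulnerable(form: dict) -> str:
    """Reflects the raw query: XSS sink, and nothing stops a cross-site POST."""
    query = form.get("q", "")
    return f'<input name="q" value="{query}">'

def new_session() -> dict:
    """Server-side session carrying a random per-session anti-CSRF token."""
    return {"csrf_token": secrets.token_urlsafe(32)}

def render_search_hardened(form: dict, session: dict,
                           origin: str, own_origin: str) -> str:
    """Same feature, two fixes: the request must come from our own origin
    with the session's CSRF token (closes the cross-site delivery), and the
    reflected value is HTML-encoded (closes the XSS itself)."""
    if origin != own_origin:
        raise PermissionError("cross-origin POST rejected")
    submitted = form.get("csrf_token", "")
    expected = session.get("csrf_token", "")
    if not (expected and hmac.compare_digest(submitted, expected)):
        raise PermissionError("missing or invalid CSRF token")
    query = html.escape(form.get("q", ""), quote=True)
    return f'<input name="q" value="{query}">'

def is_exploitable_cross_site(handler, payload: str, own_origin: str) -> bool:
    """Simulate what a CSRF PoC does: a form post from another origin with no
    token. Returns True if the payload still lands unencoded in the response."""
    try:
        if handler is render_search_vulnerable:
            out = handler({"q": payload})
        else:
            out = handler({"q": payload}, new_session(),
                          "https://attacker.example", own_origin)
    except PermissionError:
        return False
    return "<img" in out

if __name__ == "__main__":
    payload = '"><img src=x onerror=alert(2)>'  # payload from the write-up
    site = "https://target.com"
    print("vulnerable exploitable:", is_exploitable_cross_site(render_search_vulnerable, payload, site))
    print("hardened exploitable:  ", is_exploitable_cross_site(render_search_hardened, payload, site))
```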

The Lesson

Here’s the golden nugget of wisdom: Never underestimate the main domain. It holds untold treasures waiting to be unearthed. A self XSS vulnerability was just the beginning. The real gem lay in finding that elusive CSRF vulnerability.

Obstacles like XSRF headers and parameters might seem daunting, but with determination and creative thinking, they’re conquerable.

Conclusion

Dear fellow adventurers, let my tale kindle your own exploits. Embrace the unexpected twists, arm yourself with tools like Burp Suite, and relish the thrill of the hunt. Remember, every challenge is an opportunity, and every vulnerability is a stepping stone to greatness.

Keep your hacking spirit alive, stay curious, and go conquer the digital realm!


ABDELKARIM MOUCHQUELITA

Python Ninja, CTF Player and I Break Into Machines When They Refuse to Have A Peaceful Conversation.