Get Reflected XSS within 3 minutes

Hi guys. I found xss on 8x8 within 3 minutes and I want to share it step by step. I am writing these write-ups for beginners like me. I think I will learn more as I write and I love it.

STEP 1 — Subdomain Enumeration

%.%.%.%.%.8x8.com

Descend as deep as you can. Now you can use any tool for enumeration such as assetfinder, sublist3r, subfinder etc. I use assetfinder with httprobe..

assetfinder -subs-only | httprobe

A subdomain wandering alone :)

Here is our target : client-beta.global.chalet.8x8.com

STEP — 2 Directory discovery

You can use filebuster, dirsearch or gobuster . I use dirsearch..

dirsearch.py -u “client-beta.global.chalet.8x8.com” -e html,json

STEP — 3 Hidden parameters are gold

🔥 :bad_params!! Let’s use arjun to find hidden parameters.

Now we have a get parameter on the blank page. 👌 Let’s try to get XSS !!

Payload : “><img onerror=alert(1) src>

Thank you !!!