Shulou(Shulou.com)05/31 Report--

How to dig reflection xss in hackerone, I believe many inexperienced people don't know what to do about it. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Dig reflection xss, the most important thing is to be able to connect the hair, not the hair, you can not say that you can dig reflection xss.

To pick up, I want to see html.

Request packet:

Return packet

Look, it's melting out.

Then it is sent, that is, the load is distributed.

First gently inject "symbol, very good, no escape, no filter.

My backhand is a pinecone flashing lightning whip.

One whip, style=xxxxxx "- alert (1)-

It's blocking. There's waf.

Five whips, I'm on my way.

Then I submitted it, and I got $250. "

Then move to another place, move the nest, ah, because a path only accepts one xss, or connect Huafa.

Pick up, liso_rtar

Hua, liso, rtar

Very good, both parameters are fine, just send it out directly as above.

Liso=xxxxxx "; axi1umbent alert (1) / /

Another $250.

By the way, this manufacturer's page shows xxxx.com without a "*" sign. It only seems to accept the loopholes of the master site, but it does not clearly indicate that the subdomain name is not allowed.

So, I tried to see if the sub-domain name was all right. Soon, ah, I dug up another sub-domain name.

Young people don't talk about martial arts. I know from its meaning that it just doesn't accept this sub-domain name, but other sub-domain names.

Soon, ah, it was another reflection xss of a sub-domain name, and the foreigner was real, and the xss of the sub-domain name gave it another 250 dollars.

Ah.

When you see a path, you will feel juicy, or will you change your hair?

Young people do not talk about martial arts, a page so many variables, is to kill me, a 68-year-old man, glanced at, rtar looks a little familiar, ah, friends with a bad memory, you can look at the previous pictures, I casually hit the effort to melt the rtar out.

Well, it reflects.

A (b);% 0Avar% 20a% 20 = {/ / strange, try it and find that there is dos. As long as the input string is long enough, there will be dos, plus 250 of dos, a total of 1250.

The whole result of two nights.

When I tested, I also used a variety of scanners, directly lost the path, these xss can not be scanned, unless I bring the parameters, but if I do bring the parameters, I can get the results with any scanner. So many times your scanner does not scan xss, just because it does not get to this parameter, and sometimes even the path does not get. So many people read the H2 report that xss is very simple, but can not dig it alive, just because it can not be sent, the loophole itself is simple, the difficulty is to find the point where there may be a loophole.

After reading the above, have you mastered the method of digging and reflecting xss in hackerone? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.