My first XSS finding using Knoxss

This is my first writeup as well as my first finding using Knoxss tool. As a security researcher everyone knows Brute “The God of XSS”. So, its already been seven days i was trying to find a bug in a program on hackerone platform. I was not able to find any bugs. So one day in morning, I decided to purchase a knoxss tool and then give a try. So after coming back from office, I bought the tool from the knoxss website.

Now I was confused from which program shall i start. So I randomly opened a program and activated the knoxss plugin, Lets call the program name redacted.com. I can’t disclose the program name as the bug is not yet fixed. 

After opening redacted.com, I started visiting web pages one by one and within two minutes. BOOOOMM!!!! I got an popup alert. Looks like I got Refelected XSS, yeah i was like 

cross site scripting

I was amazed to see the popup alert. Then I quickly submitted the report to the program. Here is the POC.

xss poc program

After one day, the status of my report was changed from NEW to TRIAGED but wait within 5 minutes i got another reply from hackerone staff stating that the program redacted.com was already aware of this issue and they changed the status of report from TRIAGED to DUPLICATE.

reflected_xss_poc

And then i was like 

sad meme

But i was still happy to find my first bug using Knoxss tool. Thanks for reading my first write-up. Many more are coming. Stay tuned.

Report Timeline : 

23rd Oct 2018 - Report Submitted

24th Oct 2018 - Needs more Info

25th Oct 2018 - Report Triaged

25th Oct 2018 - Duplicate

Akshay Sharma

Noob | Blogger | Youtuber | Bug Hunter |

One thought on “My first XSS finding using Knoxss

Leave a Reply