My first XSS finding using Knoxss
This is my first writeup as well as my first finding using the Knoxss tool. As a security researcher, everyone knows Brute, “The God of XSS”. It had already been seven days that I was trying to find a bug in a program on the HackerOne platform, and I was not able to find any. So one morning I decided to purchase the Knoxss tool and give it a try. After coming back from the office, I bought the tool from the Knoxss website.
Now I was confused about which program to start with. So I randomly opened a program and activated the Knoxss plugin. Let's call the program redacted.com; I can't disclose the program name as the bug is not yet fixed.
After opening redacted.com, I started visiting web pages one by one, and within two minutes, BOOOOMM!!!! I got a popup alert. Looks like I got a reflected XSS; yeah, I was like
I was amazed to see the popup alert. Then I quickly submitted the report to the program. Here is the POC.
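To make the finding type concrete, here is an added illustration in Node.js; it is not the author's PoC (which is not reproduced on the page) and not the redacted program's code. It shows the kind of sink that produces a reflected-XSS alert, the hardened equivalent, and the reflection check a scanner plugin effectively performs on every visited page. The handler, the `q` parameter and the probe string are assumptions for illustration only.

```javascript
// Added example, not from the original writeup. The endpoint, parameter
// name and probe string are assumptions, not details of the redacted program.

// A scanner injects a marker into a parameter and watches where it lands.
const PROBE = '<svg/onload=alert(1)>';

// Vulnerable sink: the query parameter is concatenated straight into HTML,
// so a browser renders the probe as markup and fires the alert.
function renderSearchVulnerable(q) {
  return `<h1>Results for ${q}</h1>`;
}

// Hardened sink: HTML-encode attacker-controlled text before placing it
// in an element body, so the same input is displayed, not executed.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderSearchSafe(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Reflection check: given a response body and the probe that was sent,
// report whether the probe came back unencoded ('raw', likely exploitable
// in an HTML context), encoded ('encoded', reflected but neutralised), or
// not at all ('absent', parameter is not reflected into this page).
function classifyReflection(body, probe) {
  if (body.includes(probe)) return 'raw';
  if (body.includes(escapeHtml(probe))) return 'encoded';
  return 'absent';
}

// Simulated "visit page with probe in ?q=" for both handlers.
function scanHandler(handler, probe = PROBE) {
  return classifyReflection(handler(probe), probe);
}

// Constructed demo run (stand-alone usage).
console.log('vulnerable:', scanHandler(renderSearchVulnerable)); // raw
console.log('hardened:  ', scanHandler(renderSearchSafe));       // encoded
```

The check only tells you that input reaches the page unencoded; it does not by itself prove execution, which is why the browser popup the plugin produced is the useful confirmation. A real scanner also has to account for other contexts (attribute values, JavaScript strings) where HTML entity encoding alone is not a complete fix.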
After one day, the status of my report was changed from NEW to TRIAGED, but within 5 minutes I got another reply from HackerOne staff stating that the program redacted.com was already aware of this issue, and they changed the status of the report from TRIAGED to DUPLICATE.
And then I was like
But I was still happy to find my first bug using the Knoxss tool. Thanks for reading my first write-up. Many more are coming. Stay tuned.
Report Timeline:
23rd Oct 2018 - Report Submitted
24th Oct 2018 - Needs More Info
25th Oct 2018 - Report Triaged
25th Oct 2018 - Duplicate
Nicely written. All the best as you try to find more!
Is this really cool? I want to buy the tool.
Hey, nice writeup man, all the best for future hunting. Can you share the site name now? I think it's fixed now.