Hello World, Another Blog related to IIS. In this blog i am going to write about how i found a reflected cross site scripting on one of the popular bug bounty program
We know Rxss is an easy bug to find in most cases, but the reason for writing this blog post is I submitted nearly 20 XSS bugs to the same program but 19 of them are duplicate and only this one is accepted. The bug is present there for a long time. In this blog post i am going to share my approach in finding this one
If you havent read the recent blog, check it out here –> IIS-Default-Page-to-Information-Disclosure
Default IIS Page
Whenever i see a default iis page i get excited because there a lot of chances for finding Bugs there
As mentioned in the previous blogpost i ran IIS Shortname scanners but this webserver is not vulnerable
I decided to do general content discovery with ffuf
So i ran ffuf with jhaddix content_discovery_all.txt
ffuf -u https://sub.redacted.com/FUZZ -w content_discovery_all.txt -fc 404
/manager - 403
The path /manager gave a 403 Forbidden
Fuzzing again gave access to a Login Panel
ffuf -u https://sub.redacted.com/manager/FUZZ -w content_discovery_all.txt -fc 404
/default.aspx - 200
- I tried default credentials manually but none of them Worked
- After spending sometime i obeserver the path is being reflected in the source code without sanitisation
The above payload executed successfully
- Fuzzing often gives access to juicy endpoints.
That's it for now. Cheers !! Happy Hacking :)