Bug Bounty Forum

Start Learning about Cross-Site Scripting (XSS)

The point of this article is not to teach you about hacking, but to get you started with bug bounty. Learning how to hack is going to require that you start looking into resources (link here). The next step for you is to start learning about what vulnerabilities exist and how to find them.

There are hundreds of types of vulnerabilities that come in a variety of flavors and severities. It will take a while before you learn about all of them, and new types are being discovered every year. Your best bet is to seek out resources such as vulnerability disclosure write-ups, videos, and presentations to learn about new vulnerabilities as they appear.

Some vulnerabilities will be easier to understand and find, while others may elude you for years. One of the most common vulnerabilities in web security is Cross-Site Scripting (also known as XSS). It's a broad vulnerability whose basics are fairly easy to pick up, but it has enough depth that you may never fully master it. It is arguably the most common vulnerability on the entire internet, and some programs will pay thousands of dollars for reports of it. This is a good vulnerability to start with.

Quick links

  1. Just Google it: https://www.google.com/search?q=Cross-Site+Scripting&ie=utf-8&oe=utf-8
  2. OWASP has a lot of high-level articles to learn more about vulnerabilities. Their documentation on XSS is pretty solid: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

We also recommend that you spend some time reproducing the vulnerabilities in a sandbox of your own as you learn about them. It's important to have a developer's perspective on how the vulnerabilities work. It also lets you play with the vulnerability, learn how it comes to exist, and learn how to fix it. This will show you what to look for, so you do not spend hours finding nothing without knowing whether you are doing the right or wrong thing. That is the biggest reason new bug bounty hunters burn out and quit. Finding a vulnerability can take anywhere from a few minutes to weeks or months.
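As an added example of the sandbox approach (this is not code from the original article or from any of the linked projects), here is the smallest reflected-XSS bug you can build and then fix: a greeting page that concatenates a query parameter into HTML, beside the same page with the parameter escaped. The function names and the probe string are constructed for the example; note that HTML escaping is the right fix only for the HTML body context, and input that lands inside an attribute, a script block or a URL needs context-specific encoding instead.

```javascript
// Added example: a minimal reflected-XSS sandbox, vulnerable and fixed side by side.
// Not from the original article; names and sample input are constructed here.

// HTML-escape the characters that let text break out of the HTML body context.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the ?name= value is dropped straight into the page markup.
function renderGreetingUnsafe(name) {
  return `<h1>Hello, ${name}!</h1>`;
}

// Fixed: the value is escaped before it reaches the HTML body.
function renderGreetingSafe(name) {
  return `<h1>Hello, ${escapeHtml(name)}!</h1>`;
}

// A quick check a learner can run over either output: does a live tag survive?
function containsTag(html, tagName) {
  return new RegExp(`<${tagName}\\b`, "i").test(html);
}

// Constructed probe, the textbook string used in every XSS tutorial and challenge.
const probe = "<script>alert(1)</script>";

console.log(renderGreetingUnsafe(probe)); // the tag survives: vulnerable
console.log(renderGreetingSafe(probe));   // rendered as literal text: fixed
```

Load either output in a browser (or serve it from a few lines of Node) to see the difference: the unsafe version runs the script, the safe one just displays it.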

There are many, many ways to practice XSS without hunting for it on a bug bounty program's website. Work through these first before you throw yourself into the fire.

  • WebGoat (by OWASP) is an intentionally vulnerable website. You can mess with many vulnerabilities in it, including XSS: https://github.com/WebGoat/WebGoat/wiki
  • XSS Challenges - websites built as a series of mini challenges where you must find the XSS vulnerability. These are great because you know the target is vulnerable, but you still have to overcome obstacles, and you will meet the same obstacles in the real world.
    • Easier: Google's XSS Challenge: https://xss-game.appspot.com/
    • Harder: Challenges made by some of the best: http://prompt.ml/0
    • More: There are hundreds of them, seek them out: https://www.google.com/search?q=XSS+Challenges&*&ie=utf-8&oe=utf-8

You have a challenging road ahead, but it's a steep climb that gradually gets easier the more time and effort you put into it. It will seem impossible until your first find. After your first valid submission, you'll be addicted.