Har Har Mahadeva. Hey, this is Prince Roy, a cyber security researcher. A few days ago, I found two reflected XSS (RXSS) bugs on a domain belonging to the Department of Commerce (DOC) of the United States of America.
I discovered them within ten minutes!
Okay, guys, I am going to tell you how I found them. First, I searched https://search.censys.io/ for the main domain to see which IP addresses sit behind it. That turned up one IP address (a public one, not an internal address) that was reachable.
Then I used NucleiFuzzer, which is actually a combination of Nuclei + ParamSpider, a great tool made by 0xKayala. Here is the link:
GitHub - 0xKayala/NucleiFuzzer: NucleiFuzzer is a powerful automation tool for detecting xss, sqli, ssrf, open-redirect, etc. vulnerabilities in web…
Then I ran this command in the terminal, with the domain that I had found to be accessible via that IP address as the target:
./NucleiFuzzer -d domain_name
After 5-6 minutes, NucleiFuzzer reported two RXSS findings in two different parameters.
To confirm the RXSS manually, I used this payload:
'">><marquee><img src=x onerror=confirm(1)></marquee>
It popped up successfully: the confirm(1) dialog appeared on the page.
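To make the detection step concrete, here is an added Python example (my own, not code from the original post, NucleiFuzzer or Nuclei) of the reflection check that parameter fuzzing automates: inject the payload into each query parameter, fetch the page, and classify whether the payload came back raw, HTML-encoded, or not at all. The target URL, the parameter names and the two page handlers are constructed stand-ins for the real host, which is not reproduced here.

```python
# Added example (not from the original post or from NucleiFuzzer/Nuclei):
# the core reflected-XSS check that parameter fuzzing automates, run
# offline against two constructed stand-in pages. The URL, parameter
# names and handlers below are assumptions made for illustration.
import html
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# The payload from the post. The leading ' and " close whichever quote
# wraps an attribute value, the > closes the tag, and the <img onerror>
# then executes if none of that was encoded on the way back.
PAYLOAD = "'\">><marquee><img src=x onerror=confirm(1)></marquee>"


def build_probe_urls(url, payload=PAYLOAD):
    """One probe URL per query parameter, with that parameter set to the payload."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    probes = {}
    for i, (name, _value) in enumerate(params):
        mutated = list(params)
        mutated[i] = (name, payload)
        probes[name] = urlunsplit(parts._replace(query=urlencode(mutated)))
    return probes


def reflection_status(body, payload=PAYLOAD):
    """Classify how the payload came back: raw (exploitable), HTML-encoded, or absent."""
    if payload in body:
        return "unencoded"
    if html.escape(payload, quote=True) in body:
        return "encoded"
    return "absent"


# Constructed stand-ins for the target application (hypothetical). Each
# takes the decoded query parameters and returns the HTML it would serve.
def vulnerable_page(params):
    # Reflects q and sort straight into an attribute and into text content.
    q = params.get("q", "")
    sort = params.get("sort", "")
    return (f'<input type="text" name="q" value="{q}">'
            f'<p>Results for {q}, sorted by {sort}</p>')


def hardened_page(params):
    # Same template, but every reflected value is HTML-encoded first.
    q = html.escape(params.get("q", ""), quote=True)
    sort = html.escape(params.get("sort", ""), quote=True)
    return (f'<input type="text" name="q" value="{q}">'
            f'<p>Results for {q}, sorted by {sort}</p>')


def scan(url, handler, payload=PAYLOAD):
    """Emulate the fuzzing loop: request each probe URL and classify the reflection."""
    findings = {}
    for name, probe in build_probe_urls(url, payload).items():
        params = dict(parse_qsl(urlsplit(probe).query, keep_blank_values=True))
        findings[name] = reflection_status(handler(params), payload)
    return findings


if __name__ == "__main__":
    target = "https://target.example/search?q=test&sort=date&page=1"
    print("vulnerable:", scan(target, vulnerable_page))
    print("hardened:  ", scan(target, hardened_page))
```

Against the vulnerable stand-in, q and sort come back "unencoded" (two parameters, one finding each, the same shape as the two reports in this post) while page is "absent"; against the hardened stand-in the same two parameters come back "encoded", which is exactly the difference a patch should make. Against a live host you would replace the handler with an HTTP request and keep the rest, and you still confirm any "unencoded" hit in a browser, because reflection alone does not prove execution in every context.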
Yes, guys, I am serious. And RXSS is a P3-severity bug. After that, I ethically reported it to the DOC Vulnerability Disclosure Program. Two hours later, both reports were triaged.
After the vulnerabilities were patched, they put my name on the acknowledgment page. Here is the link: https://doc.responsibledisclosure.com/hc/en-us/articles/10801394414227
And finally, this is my first blog post about finding a vulnerability, so please pardon my mistakes.
Please follow my social media accounts for further updates: