Everyone know XSS are hard to execute but they are most common! isn't it ?? I found my first bug on "Institute of Microbial Technology" website. The bug was XSS -Reflected which is one of the most dangerous XSS bug as hacker can redirect you to other malicious website, can steal cookie and what not!
Common parameter which is vulnerable to XSS is the search bar which most of the websites have! Looking at search bar I got tempted to try the XSS script! I got around 50 failures on other website until I came across this one! I was prepared to face other failure and fired up the crafted script by looking at source code and boom! Got my first XSS bug ...
I was soo excited to try other scripts but I realized that penetration testing or ethical hacking is quite a responsible job. So, I wrote them a mail regarding this but unfortunately there was no reply. I checked after a week if it was solved or not ! sadly, it wasn't . Thus I decided to report this bug to NCIIPC which is the government body that deals with Web application bugs. I reported them and got reply thanking me for keep the internet a better place to live in.
I got no bounty for this , but a satisfaction that I was on the right path to step in the world of Cybersecurity!
