Reflected XSS on Xiaomi with KNOXSS

Learn System Security - Reflected XSS on Xiaomi with KNOXSS ~

Xiaomi Bug Bounty Programs:

When we look at Xiaomi Bug Bounty Programs, They accept every subdomain of and

And I start searching for a subdomain of with sublist3r

After that, I found 2 forum site and looks interested:

I try to found a unique URL with Google Dorks, a sensitive directory with DIRB, crawling URL and scan for XSS Vulnerability with XSSSniper, and I got nothing.

So I start using my KNOXSS to found XSS Vulnerability on this URL:

**And Boom**

XSS found from "title" parameter, I don't even know if that page has a "title" parameter.


I think this is your time to have KNOXSS Pro and start hacking with it:

Happy Hacking.