Reflected XSS on Xiaomi with KNOXSS



Xiaomi Bug Bounty Programs:

When we look at the Xiaomi Bug Bounty Programs, they accept every subdomain of mi.com and xiaomi.com.

And I started searching for subdomains of mi.com with sublist3r.

After that, I found 2 forum sites that looked interesting:


I tried to find a unique URL with Google Dorks, looked for a sensitive directory with DIRB, crawled URLs and scanned for XSS vulnerabilities with XSSSniper, and I got nothing.

So I started using my KNOXSS to find an XSS vulnerability on this URL:

**And Boom**

XSS was found in the "title" parameter. I don't even know if that page has a "title" parameter.

XSS by KNOXSS:

I think this is your time to have KNOXSS Pro and start hacking with it:

Happy Hacking.
