Reflected XSS on Xiaomi with KNOXSS

Learn System Security - Reflected XSS on Xiaomi with KNOXSS ~

Xiaomi Bug Bounty Programs:

• https://hackerone.com/xiaomi

When we look at Xiaomi Bug Bounty Programs, They accept every subdomain of mi.com and xiaomi.com

And I start searching for a subdomain of mi.com with sublist3r

After that, I found 2 forum site and looks interested:

• https://c.mi.com/
• https://in.c.mi.com/

I try to found a unique URL with Google Dorks, a sensitive directory with DIRB, crawling URL and scan for XSS Vulnerability with XSSSniper, and I got nothing.

So I start using my KNOXSS to found XSS Vulnerability on this URL:

• https://c.mi.com/thread-2272575-1-1.html
• https://in.c.mi.com/thread-1901212-1-0.html

**And Boom**

XSS found from "title" parameter, I don't even know if that page has a "title" parameter.

XSS by KNOXSS:

• https://c.mi.com/thread-2272575-1-1.html?title=<!--></Title/</Style/</Textarea/</Noscript><Body/OnPageShow=(confirm)(1)-->
• https://in.c.mi.com/thread-1901212-1-0.html?title=<!--></Title/</Style/</Textarea/</Noscript><Body/OnPageShow=(confirm)(1)-->

I think this is your time to have KNOXSS Pro and start hacking with it:

• https://knoxss.me/?page_id=7

Happy Hacking.