So I started to participate in bug bounty programs not so long before, and soon I found at least 2 places are vulnerable for stored XSS on a (quite big, I believe? They have many users and having some big banks and firms being their partner.) website which helps users to learn coding.

[bctt tweet=”Stored XSS on private Bounty Program” username=”saintmalik_” prompt=”Let Your Friends Learn Too” url=”https://bit.ly/36HOrFe”]

The website’s dashboard enable users to submit thier details without being filtered. XSS payloads can be added into the Boxes to triggered XSS on the browser of any users visiting the user profile

How I Discovered The Stored XSS

On this very day, I logged into the platform, because the platform is a learning ground, so I wasn’t in the mood to start looking at video tutorial nor to read anything cause the course in my list out table seems bulky.

[bctt tweet=”Stored XSS on private Bounty Program” username=”saintmalik_” prompt=”Let Your Friends Learn Too” url=”https://bit.ly/36HOrFe”]

So instead of learning, I said let me even test some of my bug bounty skills on this platform, first I looked for any reflected XSS entry points like searching function on the website and improper error messages displayed.

And I had no luck 😦 . But sometimes misfortune is a blessing in disguise.

[bctt tweet=”Stored XSS on private Bounty Program” username=”saintmalik_” prompt=”Let Your Friends Learn Too” url=”https://bit.ly/36HOrFe”]

After digging a well, Soon I found that I can leave something on the profile dashboard :

Because the user profile has an option to edit ,add your bio, add some texts, so I wrote somethings, and I started with >< and I was like this is my fish, I have to catch and roast it.

See Also:  Learn To Write Your Own Hacking Scripts Using Python

So I didn’t even stress myself, I got the common payload which is <script>alert(1)</script> , I inserted this payload into the bio box and I saved it and the bio box when blank.

[bctt tweet=”Stored XSS on private Bounty Program” username=”saintmalik_” prompt=”Let Your Friends Learn Too” url=”https://bit.ly/36HOrFe”]

Not that the payload isn’t there but the website functionality made it looks like a white text, so immediately I refreshed the page and boom!!!.

The stored XSS triggered, Damm I was so happy, you know that feeling when you get your first Stored XSS.

[bctt tweet=”Stored XSS on private Bounty Program” username=”saintmalik_” prompt=”Let Your Friends Learn Too” url=”https://bit.ly/36HOrFe”]

But the anxiety in me made me report without thinking of some way to make the bug more complex and dangerous.

LEAVE A REPLY

Please enter your comment!
Please enter your name here