Welcome, All :)
In this first write-up, I’ll try to explain every step so that you can understand the methodology in a more detailed way.
The website I was hunting was sportskeeda.com (I asked them for permission for public disclosure).
Let's dive into the bug and how I found the stored XSS.
HOW DID I FIND IT?
So immediately after doing recon, I started looking for XSS & tried several XSS payloads in most of the parameters, but the application was filtering everything properly. I used several methods & different combinations of XSS payloads; nothing worked. So I thought, why not try to bypass the filter?
So I immediately started studying the filtering process & crafting XSS payloads based on the filters. I thought this would work & tried every possibility, but ended up frustrated; it all looked to be in vain.
I was about to give up on XSS, but at the same time I noticed one more feature that was yet to be tested. I immediately started testing the Twitter & Facebook profile-adding feature, and instead of adding a link I tried a simple XSS payload. What happened next is the dream of every hunter: an "XSS pop-up" :)
Payload I used: "><script>prompt(document.domain)</script>
So finally I had found a stored XSS: since the profile is publicly accessible, any user who visits the vulnerable profile will trigger the payload.
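To show why a profile-link field is a classic stored XSS sink and how it should be handled, here is an added example (not code from the original write-up or from sportskeeda.com). It renders a "social profile" link twice: once by concatenating the stored value straight into an href attribute, which is the pattern the payload above breaks out of, and once after validating the value as an https URL on an allowlisted host and encoding it for the attribute context. The allowlisted hosts, function names, and sample inputs are assumptions made for the illustration.

```javascript
// Added example, not from the original write-up: a stored profile link rendered
// unsafely versus with validation plus output encoding. Hosts and names are assumed.

// Assumed allowlist: a "Twitter / Facebook profile" field should only ever point here.
const ALLOWED_PROFILE_HOSTS = new Set([
  "twitter.com", "www.twitter.com", "facebook.com", "www.facebook.com",
]);

// Vulnerable pattern: the stored value is dropped into an attribute as-is.
// A value that closes the quote and the tag becomes markup for every visitor.
function renderProfileLinkUnsafe(input) {
  return `<a href="${input}">Profile</a>`;
}

// Encode the characters that can break out of HTML text or attribute context.
function encodeHtmlAttr(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Validate at input time: must parse as an absolute URL, use https, and point at
// an allowlisted host. Returns the normalised URL, or null when rejected.
function validateProfileUrl(input) {
  let parsed;
  try {
    parsed = new URL(input); // WHATWG URL parser, global in Node and browsers
  } catch {
    return null; // not an absolute URL at all (the XSS payload lands here)
  }
  if (parsed.protocol !== "https:") return null; // rejects javascript:, data:, http:
  if (!ALLOWED_PROFILE_HOSTS.has(parsed.hostname.toLowerCase())) return null;
  return parsed.href;
}

// Hardened rendering: validate first, then encode for the attribute context.
function renderProfileLinkSafe(input) {
  const url = validateProfileUrl(input);
  if (url === null) return "<span>No profile link</span>";
  return `<a href="${encodeHtmlAttr(url)}" rel="noopener noreferrer">Profile</a>`;
}

// Constructed sample inputs: the payload from the write-up and a legitimate link.
const PAYLOAD = '"><script>prompt(document.domain)</script>';
const GOOD_LINK = "https://twitter.com/warri0r_hacker";

console.log("unsafe:", renderProfileLinkUnsafe(PAYLOAD));
console.log("safe  :", renderProfileLinkSafe(PAYLOAD));
console.log("safe  :", renderProfileLinkSafe(GOOD_LINK));
```

The two layers are deliberate: the allowlist check stops the stored value from ever being anything but a profile URL, and the attribute encoding protects the template even if a later code path stores data through a different route. Neither layer alone would be something to rely on.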
Happy Ending 😁
Takeaway
Never give up, always try to understand the application workflow & deep dive into the app.
The company fixed the issue immediately & rewarded a bounty.
Hope you all liked it.
Thanks for reading :)
Instagram: https://www.instagram.com/warrior.hacker/
LinkedIn: https://www.linkedin.com/in/lavcyberboy
Twitter: https://twitter.com/warri0r_hacker