.png)
14 hours ago
11 BOOK THIS SPACE FOR AD
ARTICLE ADIntro
![Bug Bounty Notes [Mr.Horbio]](https://miro.medium.com/v2/resize:fill:48:48/1*vDt8m23RZVQqZ-36XJA6PA.jpeg){kind=small}
Hi Bug Bounty hunter , Welcome back to my another article. Today I would like to share some simple and quick ways to find stored XSS vulnerability as well as I provide some HackerOne reports that help you to find Store Cross site scripting. In the end I mentioned trick to find Stored XSS
Stored Cross site scripting occurs when an application receives user-input data and save it that data comes with http response of application and renders on the page. For example, one blog page contains comment section where user comment below the post and that comments are rendered on the page. What if Instead of normal comment we try to inject <script>alert(document.domain)</script> javascript payload if this comment section is vulnerable then it will executed. so there is a stored XSS vulnerability.
Lets take a some references of stored Cross site Scripting
Report : #485748
This vulnerability found in Reports section. Where user create and submit network reports. when we create and submit this report in , it renders on the page.
Now try to exploit this :
During making reports he entered this payload
"><img src=x onerror=alert(document.domain)>
Bengali (Bangladesh) · 
English (United States) ·