How a simple “Hey!” can turn into your worst Nightmare: Stored XSS
Hello Hunters, Hope you’re doing well. Ever thought about what can happen if you read any stranger’s “Hey!” message? Nothing will happen, right?! 🤔
Let me prove you wrong!! So relax and let me explain how a simple “Hey!” can turn into your worst nightmare!! 👻
I’m sure this would be you right now…😂
Cross-site scripting (XSS) is a common attack vector in which malicious script is injected into a vulnerable web application. Stored XSS is the most dangerous variant. To execute a stored XSS attack, the attacker has to locate a vulnerability in the web application and then inject a malicious script that the server persists and later serves to other users.
Unlike reflected XSS, the attacker does not need to find an external way of inducing other users to make a particular request containing the exploit. Rather, the attacker places the exploit into the application itself and simply waits for users to encounter it.
- Go to the Edit Profile section and inject the XSS payload given below into the “Last Name” field
- Now create a task with the Assignee marked as “Self”
- Send the task to the victim with a simple “Hey!” message
- As soon as the victim reads your message/task, the script gets executed.
Payload: "><img src=z onerror="alert(document.cookie)"
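To make the root cause concrete from the defender's side, here is an added Python example (not code from the original post, and not the affected application's code, which is unknown): it renders the Last Name field the way an unencoded template effectively does, shows that the post's payload breaks out of the value attribute into a new element with an event handler, and shows that attribute-context HTML encoding neutralizes it. The rendering functions, the sample payload string and the parser-based check are assumptions for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the payload quoted in the write-up, typed with straight
# quotes, as it would be submitted in the "Last Name" field.
PAYLOAD = '"><img src=z onerror="alert(document.cookie)"'


def render_last_name_vulnerable(last_name: str) -> str:
    """Assumed vulnerable rendering: raw concatenation into an HTML attribute,
    no output encoding. A leading '">' in the input closes the attribute and
    the <input> tag, so everything after it becomes new markup."""
    return '<input name="last_name" value="' + last_name + '">'


def render_last_name_safe(last_name: str) -> str:
    """Hardened rendering: HTML-encode for attribute context. quote=True is
    essential here, because the breakout starts with a double quote."""
    return '<input name="last_name" value="' + html.escape(last_name, quote=True) + '">'


class EventHandlerFinder(HTMLParser):
    """Records every element that carries an on* event-handler attribute.
    Used here as a test oracle for rendered markup, not as a request filter."""

    def __init__(self) -> None:
        super().__init__()
        self.hits: list[str] = []

    def handle_starttag(self, tag: str, attrs: list) -> None:
        # html.parser lowercases attribute names, so a plain prefix test is enough.
        if any(name.startswith("on") for name, _ in attrs):
            self.hits.append(tag)


def contains_event_handler(markup: str) -> bool:
    """True if the browser-facing markup contains an element with an on* handler."""
    finder = EventHandlerFinder()
    finder.feed(markup)
    finder.close()
    return bool(finder.hits)


if __name__ == "__main__":
    for label, render in (("vulnerable", render_last_name_vulnerable),
                          ("safe", render_last_name_safe)):
        markup = render(PAYLOAD)
        print(f"{label}: handler present = {contains_event_handler(markup)}")
        print("  " + markup)
```

The encoded form keeps the text visible as the user's literal last name; the browser never sees a second element, so there is nothing for `onerror` to attach to.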
Scary, Isn’t it? 🥶
Wait…Wait…Wait! It's not over yet!! 😁
Exploiting one victim at a time is boring, right? So let’s try to use the application’s other feature of creating “Teams”!!😍
So now, as an attacker, we will create a Team of all our victims and send the message just once. Everyone who reads it falls into our well-organized trap!!
But as usual, the Bugcrowd Triager marked it as a “Duplicate” -> I asked for reassessment -> Marked as a duplicate of another submission again -> I asked for reassessment again -> Triaged (P2) and rewarded $500 (could’ve been a $2500 submission, but it was a Tier 4)
That’s all for this article, I hope you guys enjoyed this form of learning ❤
Stay Safe 🤗