How I Found A Simple Stored XSS
This is the story of how I found my first Stored XSS (“Cross Site Scripting”) vulnerability in a bug bounty program, and a walkthrough of how I came to find it.
Introduction
This is the story about the time I found a Stored XSS in an eCommerce bug bounty website. For those of you who are unaware of bug bounty programs, they are arrangements in which companies allow ethical hackers to take apart their application and attempt to find vulnerabilities in exchange for a reward or recognition. These can be publicly known BBPs (“Bug Bounty Programs”), VDPs (“Vulnerability Disclosure Programs”), or private invite-only programs. Now we will jump into the details of how the XSS was found.
What is XSS?
XSS, or Cross Site Scripting, is a vulnerability in which input supplied by a user (for example through a form field) is placed into a web page without proper encoding, so a crafted payload can break out of the context the input was meant to occupy (an attribute value, a text node, a script string) and be parsed as new markup or script. The result is that an attacker's JavaScript runs in the victim's browser under the origin of the vulnerable site, which can turn out to be very dangerous: it can read the page, act as the logged-in user, and send anything JavaScript can reach to a server the attacker controls. In a Stored XSS the payload is saved by the application (a review, a profile field, a message) and served to every user who later views that data, so a single submission can hit many victims.
An example of an XSS payload can be seen below:
"><img src=x onerror=alert(document.cookie)>
In the example above, the quote and greater-than sign at the beginning break out of the attribute value and close the tag the input was placed in, so the rest of the payload is parsed as a new img element. Its src points at a resource that does not exist, so the browser fires the onerror handler and runs the JavaScript (an onload handler would only fire if the image actually loaded, which is why onerror is the usual choice). Note that document.cookie only exposes cookies that are not flagged HttpOnly. We then have full capabilities…
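To make the attribute break-out and the "stored" part concrete, here is an added example in Node.js that is not from the original post: a toy review feature that persists user text and later renders it for every visitor. The store, the two renderers, the tag counter and the sample reviews are all constructed for illustration; the only thing taken from the post is the payload shape. The vulnerable renderer concatenates the stored text into a value="..." attribute, the hardened one HTML-encodes it first.

```javascript
// Added example, not code from the original post. Toy stored-XSS flow:
// one user submits text, it is persisted, and every later page view renders it.
// All data below is constructed for illustration.

const reviews = []; // stands in for the database table a real site would use

function submitReview(author, text) {
  // Stored exactly as submitted: no validation, no encoding (deliberately, to show the bug)
  reviews.push({ author, text });
}

// Vulnerable renderer: stored text lands inside value="...". A leading "> closes
// the attribute and the <input> tag, so whatever follows is parsed as new markup.
function renderReviewsUnsafe() {
  return reviews
    .map(r => `<input type="text" value="${r.text}" data-author="${r.author}">`)
    .join('\n');
}

// Hardened renderer: encode the characters that matter in HTML text and
// attribute contexts. Once & < > " ' are encoded, input can neither terminate
// the attribute nor start a new element, so it is shown as literal text.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

function renderReviewsSafe() {
  return reviews
    .map(r => `<input type="text" value="${escapeHtml(r.text)}" data-author="${escapeHtml(r.author)}">`)
    .join('\n');
}

// Crude "did the input break out of the attribute?" check: count start tags in
// the rendered HTML. One <input> per review is expected; any extra element is
// injected markup. Good enough for a demo, not a substitute for a real parser.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Same shape as the payload discussed in the post: break out of the attribute,
// then add an element whose error handler runs JavaScript.
const PAYLOAD = '"><img src=x onerror=alert(document.cookie)>';

function demo() {
  reviews.length = 0;
  submitReview('alice', 'Great product, 5/5');
  submitReview('attacker', PAYLOAD);    // stored once...
  const unsafe = renderReviewsUnsafe(); // ...executed on every later page view, by every viewer
  const safe = renderReviewsSafe();
  return {
    unsafeTagCount: countStartTags(unsafe),  // 3: two <input> plus the injected <img>
    safeTagCount: countStartTags(safe),      // 2: the payload never became an element
    unsafeHasImg: /<img\b/.test(unsafe),
    safeHasImg: /<img\b/.test(safe),
    safeRendersLiteral: safe.includes('&quot;&gt;&lt;img'),
  };
}

console.log(demo());
```

The point of the two renderers side by side is that the fix is a property of the output context, not of the input: the same stored string is harmless once it is encoded for the attribute it is written into. Encoding at render time also covers data that was stored before the fix shipped, which input filtering alone would not.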