Stored XSS To Cookie Exfiltration
Today I will be explaining an XSS (“Cross Site Scripting”) vulnerability I found in a private bug bounty program that allowed me to exfiltrate victims’ cookies and steal sensitive user data.
Introduction
Applications that reflect multiple user input fields into different parts of the website are a great target for thorough XSS testing. When accepting user input, websites often fail to apply safe coding practices such as filtering, output encoding and a CSP configuration, and those weaknesses are what let users carry out attacks like XSS. Whenever I see many input fields, XSS is one of the first things I look for, as it is one of the most common vulnerabilities in web applications and often has a high impact on overall security.
So How Does XSS Occur?
XSS, or Cross Site Scripting, is a vulnerability in which user input is processed in an unsafe way, allowing an attacker to break out of or modify the context the input is placed in and insert their own code within it. As a result the attacker can execute arbitrary JavaScript on the vulnerable site, which can be very dangerous when leveraged against other users. This can lead to performing actions on other accounts without their permission, stealing…
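As an added illustration of the context-breaking described above (example code, not from the original post), the following compares a template that concatenates stored profile fields straight into markup with one that output-encodes them for the HTML context they land in. The profile fields, the sample input and all function names are constructed for this example.

```javascript
// Added example (not from the original post): how unencoded input changes the
// HTML context it is placed in, and how output encoding keeps it as plain text.
// The profile fields, sample input and function names are constructed.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode a value for insertion into HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Vulnerable: stored profile fields are concatenated directly into markup, so
// input containing '<' or '"' closes the current context and opens a new one.
function renderProfileUnsafe(profile) {
  return `<div class="profile" title="${profile.bio}">` +
         `<h1>${profile.displayName}</h1></div>`;
}

// Hardened: every interpolated value is encoded for its context, so the
// browser's parser sees the input as text, never as new tags or attributes.
function renderProfileSafe(profile) {
  return `<div class="profile" title="${escapeHtml(profile.bio)}">` +
         `<h1>${escapeHtml(profile.displayName)}</h1></div>`;
}

// Count the characters that change HTML structure: '<' opens a tag and '"'
// delimits an attribute value. Correctly encoded output contains exactly the
// ones the template wrote (4 and 4 here), whatever the user submitted.
function structuralCharCount(html) {
  return {
    tagOpeners: (html.match(/</g) || []).length,
    quotes: (html.match(/"/g) || []).length,
  };
}

// Constructed sample: a stored name and bio containing context-breaking characters.
const sampleProfile = {
  displayName: '<script>alert(1)</script>',
  bio: '" onmouseover="alert(1)',
};

// Unsafe rendering gains two extra tags and two extra attribute delimiters;
// the safe rendering keeps the template's 4 tag openers and 4 quotes.
console.log(structuralCharCount(renderProfileUnsafe(sampleProfile)));
console.log(structuralCharCount(renderProfileSafe(sampleProfile)));
```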