Just 5 minutes to get my 2nd stored XSS on Edmodo.com

My overall experience with Edmodo is good. They give quick responses + cool swag + lots of input fields to test.

1 cool T-shirt + 1 shaker + 10 badges + 3 "I love Edmodo" magnets

This time it was not planned. I was trying many programs. Suddenly I opened Edmodo and this time it redirected to new.edmodo.com. I posted my XSS polyglot (as described in my first write-up #540a33349662) on a school I created. This time I posted payloads in a poll. Then I clicked on my dp to open my profile and it redirected me to www.edmodo.com/*. On this domain, there was some notification. I clicked the notification and boom. It’s there.

PoC Video (Subscribe to the channel and share):

XSS PoC video on YouTube channel

Read my methodology on Edmodo here #540a33349662.

Reported on 31st January, 2019
Rewarded on 4th February, 2019
Swag received on 13th February, 2019

About me:
Twitter https://twitter.com/ZishanAdThandar
YouTube https://youtube.com/c/ZishanAdThandar

First writeup: https://medium.com/@ZishanAdThandar/my-first-stored-xss-on-edmodo-com-540a33349662
