Stored XSS on Snapchat

Mrityunjoy
Feb 9, 2018 · 2 min read

Hello guys,
This is @Mrityunjoy, a bug bounty hunter from Bangladesh. Today I want to share with you a stored XSS which I found in Snapchat.

While I was testing, I found a Snapchat Ads domain, so I decided to test that domain to find some bugs.

When I went to the Ads domain I noticed a Setup option, which means we first need to create an Ads account. I put an HTML tag into the BUSINESS NAME field, filled in the other fields with random words, and created an account.


I created an Organization, which has an invite member option where I can invite new members to my Organization.

I invited my own email to join as an Organization member. After opening my mail I saw that the BUSINESS NAME field was vulnerable to HTML injection.

I was looking!!!

I simply went back to the Ads domain and tried to create another account.
I put a simple payload test"><img src=x onerror=prompt<domain)> into the BUSINESS NAME field and created an account.

Now I again created an Organization and invited my own email to join as an Organization member. I quickly opened my mail and clicked the invitation link.
After clicking the link, bingo!!!! Got the XSS popup. I managed to achieve the stored XSS on all browsers.

I was Feeling!!!

Timeline

  • Jul 13th — report submitted
  • Jul 17th — Resolved

Thanks to Tarek Siddiki & Faisal Ahmed
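
Added example (not part of the original post and not Snapchat's code): the root cause described above is a stored field rendered into the invitation markup without output encoding. The template, function names and sample value below are assumptions made for illustration; the sketch renders the same invite with and without encoding and counts the start tags that result.

```javascript
// Illustrative sketch only: template and names are assumed, not taken from the post.

// Characters that can change parsing in HTML text or quoted-attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the stored business name is concatenated into markup unchanged,
// once inside a quoted attribute and once as element text.
function renderInviteUnsafe(businessName) {
  return `<div class="invite" data-org="${businessName}">` +
         `<p>You have been invited to join ${businessName}</p></div>`;
}

// Hardened: same template, value encoded at output time.
function renderInviteSafe(businessName) {
  const safe = escapeHtml(businessName);
  return `<div class="invite" data-org="${safe}">` +
         `<p>You have been invited to join ${safe}</p></div>`;
}

// Count element start tags; usable as a regression check that user data
// never adds elements to the rendered template.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input with the same shape as the value in the post
// (closes the attribute and the tag, then opens a new element).
const SAMPLE_NAME = 'test"><img src=x>';

function demo() {
  return {
    unsafeTags: countStartTags(renderInviteUnsafe(SAMPLE_NAME)), // template has 2
    safeTags: countStartTags(renderInviteSafe(SAMPLE_NAME)),
    safeHtml: renderInviteSafe(SAMPLE_NAME),
  };
}

console.log(demo());
```

The same encoding has to be applied everywhere the stored name is rendered, including the invitation email body, since the post shows the value reaching both the mail and the page behind the invitation link.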
