Stored XSS on Snapchat

Hello Guyz,
This is @Mrityunjoy . A Bug Bounty Hunter from Bangladesh. Today I want to share with you a Stored XSS which I found in Snapchat.

While i testing i found a Snapchat Ads Domain. So i decided to test that domain to found some bugs.

When i go to the ADS domain i noticed a Setup Option, That means first we need to create a ADS Account. I PUT a HTML TAG into the BUSINESS NAME field and fill up the other field as random words and started a account.

I created a Organization and they have a invite member option, where i can invite new members on my Organization.

I invited my own email to joining as Organization member. After Opening my mail i saw the BUSINESS NAME field was vulnerable to HTML INJECTION

I was looking!!!

Simply again i back to the Ads domain and tried to created another account.
I PUT a simple payload test"><img src=x onerror=prompt<domain)>into the BUSINESS NAME field and Started a account.

Now again i created a Organization and invited my own email to joining as Organization member. Quickly i opened my mail and clicked the invitation link.
After clicking the link bingo!!!! Got the XSS POPUP. I Managed to achieve the Stored XSS on all browsers.

I was Feeling!!!

Timeline

  • Jul 13th — report submitted
  • Jul 13th — Triaged
  • Jul 17th — Rewarded Bounty
  • Jul 17th — Resolved

Thanks to Tarek Siddiki & Faisal Ahmed

~sup3r-b0y~

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store