Stored XSS on Snapchat

Hello Guyz, 
This is @Mrityunjoy . A Bug Bounty Hunter from Bangladesh. Today I want to share with you a Stored XSS which I found in Snapchat.

While i testing i found a Snapchat Ads Domain. So i decided to test that domain to found some bugs. 
 
When i go to the ADS domain i noticed a Setup Option, That means first we need to create a ADS Account. I PUT a HTML TAG into the BUSINESS NAME field and fill up the other field as random words and started a account.


I created a Organization and they have a invite member option, where i can invite new members on my Organization.

I invited my own email to joining as Organization member. After Opening my mail i saw the BUSINESS NAME field was vulnerable to HTML INJECTION

I was looking!!!
Simply again i back to the Ads domain and tried to created another account.
I PUT a simple payload test"><img src=x onerror=prompt<domain)>into the BUSINESS NAME field and Started a account.

Now again i created a Organization and invited my own email to joining as Organization member. Quickly i opened my mail and clicked the invitation link.
After clicking the link bingo!!!! Got the XSS POPUP. I Managed to achieve the Stored XSS on all browsers.

I was Feeling!!!

Timeline

  • Jul 13th — report submitted
  • Jul 13th — Triaged
  • Jul 17th — Rewarded Bounty
  • Jul 17th — Resolved

Thanks to Tarek Siddiki & Faisal Ahmed