Stored XSS on Snapchat
Hello Guyz,
This is @Mrityunjoy . A Bug Bounty Hunter from Bangladesh. Today I want to share with you a Stored XSS which I found in Snapchat.
While i testing i found a Snapchat Ads Domain. So i decided to test that domain to found some bugs.
When i go to the ADS domain i noticed a Setup Option, That means first we need to create a ADS Account. I PUT a HTML TAG into the BUSINESS NAME field and fill up the other field as random words and started a account.
I created a Organization and they have a invite member option, where i can invite new members on my Organization.
I invited my own email to joining as Organization member. After Opening my mail i saw the BUSINESS NAME field was vulnerable to HTML INJECTION
I was looking!!!
Simply again i back to the Ads domain and tried to created another account.
I PUT a simple payloadtest"><img src=x onerror=prompt<domain)>into theBUSINESS NAMEfield and Started a account.
Now again i created a Organization and invited my own email to joining as Organization member. Quickly i opened my mail and clicked the invitation link.
After clicking the link bingo!!!! Got the XSS POPUP. I Managed to achieve the Stored XSS on all browsers.
I was Feeling!!!
Timeline
- Jul 13th — report submitted
- Jul 13th — Triaged
- Jul 17th — Rewarded Bounty
- Jul 17th — Resolved
Thanks to Tarek Siddiki & Faisal Ahmed
