Hello! I want to tell you about my “Bug Bounty” writeup on “Stored XSS (Cross-Site Scripting)” and my lucky story. This is my fastest finding with HIGH severity (P2).
I discovered a P2 (Stored XSS) vulnerability while I was reporting a P4 (Denial of Service).
As the idiom says:
Kill two birds with one stone.
Okay, here we go!
Initially, I created a Denial of Service (P4) report:
## Steps to Reproduce:
1. Go to [Here](https://[REDACTED]/[REDACTED])...
While thinking of words for the report, I remembered something and tried to create an XSS payload in the markdown editor (but I didn’t expect it to be XSS).
At the end of my report, I added (XSS Payload):
Then, I submitted my P4 report.
What the …
Really? It works! And I still don’t believe it.
So many reports have been entered on that platform, and only I tried this?
Oh no, I’m just a lucky kid.
After that, I started to create my P2 submission.
BONUS! Markdown XSS payloads:
Thank you for reading.