
Showing posts from April, 2019

[Duplicated] Self-XSS & CSRF attack lead to Stored XSS

Hi guys, it's me, Flex. In this post I will share a new vulnerability on a private program, let's call it `example.com`. The vulnerability was a Self-XSS with a CSRF attack, which leads to Stored XSS.

The story of the discovery: the target is a shop website. When I tested the function to add a product, I started adding my lovely XSS payload `<svg/onload=alert(0)>` everywhere, and one of these fields worked and gave me a pop-up, because the input was wrong for the field and the website told me that this value was wrong, so it is a Self-XSS. I tried to find Clickjacking to make it exploitable, but there was no way with clickjacking. After some minutes I tried to find a CSRF attack, so I opened my Burp and caught the change request, and I noticed that there was no CSRF-Token or any CSRF protection, so I tried to exploit these two bugs together to get the Stored XSS. The body of the edited request was like this: {"basePage":{"draftIds":["victim_id"],"...