Back to directory
WRITEUP #4087

How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website.

XSSUnrestricted file uploadStored XSS
by@iamkun4l(Kunal Khubchandani)
Bounty
1,000
Program
-
Published
Jan 18, 2021
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://kunalkhubchandani.medium.com/how-i-was-rewarded-a-1000-bounty-after-abusing-file-upload-functionality-to-stored-xss-945a40ac6f94
RELATED WRITEUPS
Stored XSS in LibreOffice
XSSStored XSS
Persistent XSS on Microsoft Bing.com by poisoning Bingbot indexing
XSSStored XSS
Canary Token OSS Security Audit Report (Q2 2024)
XSSDoS
Type confusion attacks in ProseMirror editors
XSSType confusion
Self-XSS to ATO via Site Features
XSSSelf-XSS

Built with ❤️ by Shubham Rawat