>

🚀 We've added new community writeups and a Web3 section! Click here to see what's new.

🐛 Bug Bounty Hunting Search Engine

Made with ❤️ by @payloadartist
NEW
Example search: http://bugbountyhunting.com/?q=keyword
Found 140 resources related to stored xss in 2.80 ms
✍️ How I was rewarded a $1000 bounty after abusing File Upload functionality to Stored XSS Vulnerability leading to credential theft of a vistor in a website.
✍️ Stored XSS on Product Description [HIGH] — $400
✍️ Microsoft Bug Bounty Writeup – Stored XSS Vulnerability
✍️ How I Found My First Bug Stored Xss and Earned My First Bounty 1000$
✍️ (Shopify.com) Blind Stored XSS Via Staff Name \(\)
✍️ Stored XSS on Slack, Bug Bounty
✍️ Self stored xss to full account takeover
✍️ Stored XSS with Password Recovery Page
✍️ iOS Outlook Stored XSS Write-Up($3000)
✍️ Stored XSS in Microsoft outlook
✍️ Stored XSS in Yahoo mail IOS app($3500)
✍️ Story About OTP Bypass To Stored XSS
✍️ Stored XSS Leads to Plaintext Password Disclosure
✍️ Stored XSS in Google Nest
✍️ Arbitary File Upload too Stored XSS - Bug Bounty
✍️ Exploiting a Self Stored XSS with an IDOR
✍️ Stored XSS on Zendesk via Macro’s PART 2
✍️ BugBounty WriteUp — take attention and get Stored XSS
✍️ Stored XSS on LaporBug.id
✍️ Chaining Cache Poisoning To Stored XSS
✍️ What do Netcat, SMTP and self XSS have in common? Stored XSS
✍️ Story of a stored xss to full account takeover vulnerability(N/A to accepted)
✍️ Yeah! I got P2 in 1 minute - Stored XSS via Markdown Editor
✍️ Stored XSS on Indeed
✍️ Exploiting File Uploads Pt. 1 – MIME Sniffing to Stored XSS #bugbounty
✍️ Stored XSS on Edmodo
✍️ Stored XSS on Techprofile Microsoft
✍️ CSRF Attack can lead to Stored XSS
✍️ Just 5 minute to get my 2nd stored XSS on Edmodo.com
✍️ Stored XSS in the guide’s GameplayVersion (www.dota2.com)
✍️ My First Stored XSS on Edmodo.com
✍️ Multiple Stored XSS On Tokopedia
✍️ Stored XSS on Edmodo
✍️ Chaining Tricky OAuth Exploitation To Stored XSS
✍️ Stored XSS Via Alternate Text At Zendesk Support
✍️ How I stumbled upon a Stored XSS(My first bug bounty story).
✍️ Self XSS to Interesting Stored XSS
✍️ Story of Stored Xss
✍️ Stored XSS Vulnerability in Jotform and H1C Private Site
✍️ Stored XSS in Bug Bounty
✍️ How i found Stored xss on your-domain.redacted.com
✍️ Google Stored XSS in Payments
✍️ Stored XSS Vulnerability in H1C Private site
✍️ Stored XSS Vulnerability in Tumblr
✍️ Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org
✍️ Stored XSS in GameSkinny
✍️ Microsoft Office 365 Stored XSS
✍️ The 2.5 BTC Stored XSS
✍️ Self-XSS + CSRF to Stored XSS
✍️ Stored XSS in Yahoo and all subdomains!
✍️ Story Of a Stored XSS Bypass
✍️ Stored XSS in Yahoo!
✍️ How I got stored XSS using file upload
✍️ Google adwords 3133.7$ Stored XSS
✍️ Stored XSS, and SSRF in Google using the Dataset Publishing Language
✍️ Stored XSS on Snapchat
✍️ Stored XSS to Full Information disclosure
✍️ Stored XSS] with arbitrary cookie installation
✍️ Stored XSS on Rockstar Game
✍️ That Escalated Quickly : From partial CSRF to reflected XSS to complete CSRF to Stored XSS
✍️ Stored XSS in the heart of the Russian email provider giant (Mail.ru)
✍️ A pair of Plotly bugs: Stored XSS and AWS Metadata SSRF
✍️ Stored XSS in UniFi v4.8.12 Controller
✍️ RunKeeper Stored XSS Vulnerability – Where worms are able to run too!
✍️ Paypal stored XSS + Security bypass
✍️ Stored XSS on biz.waze.com
✍️ CVE-2020–5842 Stored XSS Vulnerability in Codoforum 4.8.3
✍️ [VDP] Stored XSS at acm.org – Shwani
✍️ Stored XSS in LibreOffice
✍️ SSD Advisory – SonicWall SMA100 Stored XSS To RCE
✍️ Collabora Online Stored XSS (CVE-2024-29182)
✍️ How Did I Easily Find Stored XSS at Apple And Earn $5000 ?
✍️ CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover
✍️ Unrestricted File Upload Lead to Stored XSS at Microsoft main domain
✍️ $500 Bounty by Escalating DOM XSS to Stored XSS
✍️ Self-XSS to Stored XSS
✍️ How i found an Stored XSS on Google Books
✍️ $1000 for a simple Stored XSS
✍️ Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
✍️ Account Takeover: Unraveling IDOR + Stored XSS Flaws in an NFT Marketplace
✍️ Stored XSS via Exif Data
✍️ Bug Bounty Writeup: Stored XSS Vulnerability WAF Bypass
✍️ CVE-2023-1767 - Stored XSS on Snyk Advisor service can allow full fabrication of npm packages health score
✍️ CVE-2023–1410 : Stored XSS in the Graphite Function Description tooltip
✍️ Interesting Stored XSS in sandboxed environment to Full Account Takeover
✍️ CSRF + Stored XSS Leading to Full Account Takeover
✍️ Stored XSS vulnerability in Microsoft booking
✍️ Flickr Stored XSS
✍️ I Hope This Sticks: Analyzing ClipboardEvent Listeners for Stored XSS
✍️ Stored XSS at https://www.tiktok.com/ the name of the attacker’s account carrying XSS payload will be triggered when the victim Send Video
✍️ Interesting Stored XSS via meta data
✍️ How i found 29 stored XSS in modern framework
✍️ Stored XSS To Cookie Exfiltration
✍️ 5000$ for Apple Stored Xss And Another Blind Xss Still under review
✍️ How I Found A Simple Stored XSS
✍️ FabriXss (CVE-2022-35829): How We Managed to Abuse a Custom Role User Using CSTI and Stored XSS in Azure Fabric Explorer
✍️ Stored XSS in Nvidia via Angular JS template injection
✍️ Stored XSS in app.gitbook.com
✍️ Stored XSS to Account Takeover : Going beyond document.cookie | Stealing Session Data from IndexedDB
✍️ stored XSS and stored HTML Injection in United Nations Website
✍️ Bypassing WAF to Weaponize a Stored XSS
✍️ Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS
✍️ Stored XSS To Other Users Via Messages
✍️ A Tale of Open Redirection to Stored XSS
✍️ CVE-2022-24948: Apache JSPWiki preauth Stored XSS to ATO
✍️ Stored XSS in message.alibaba.com ($2,000)
✍️ Stored XSS by bypassing signature
✍️ SVG based Stored XSS
✍️ Account Takeover via Stored XSS
✍️ Moodle - Stored XSS and blind SSRF possible via feedback answer text
✍️ Stored XSS in the administrator’s panel due to misuse of MarkupSafe
✍️ Privilege Escalation to stored XSS
✍️ Zero-Day: Hijacking iCloud Credentials with Apple Airtags (Stored XSS)
✍️ Bug Bounty Guest Post: Local File Read via Stored XSS in The Opera Browser
✍️ How I escalate my Self-Stored XSS to Account Takeover with the help of IDOR
✍️ Account takeover via stored xss
✍️ Escalating Self-XSS To Stored XSS via Image injection + IDOR
✍️ Stored XSS in Google Doubleclick Studio [Google Research Grant]
✍️ Stored XSS via Invite leading to Mass Account Takeover at Opera.
✍️ Account takeover via stored XSS with arbitrary file upload
✍️ Joomla Password Reset Vulnerability And A Stored XSS For Full Compromise
✍️ Stored XSS with two different parameters
✍️ How I find my first Stored XSS
✍️ Stored XSS to Organisation Takeover
✍️ Pwning your assignments: Stored XSS via GraphQL endpoint
✍️ How I earned $$$$ through Stored XSS
✍️ Stored XSS on the DuckDuckGo search results page
✍️ Encrypted Payload -> Decrypted Execution ($600) : Stored XSS
✍️ Stored XSS in Google Ads Android Application— $3133.70
✍️ Stored XSS at Trello.com
✍️ Stored XSS in icloud.com — $5000
✍️ Broken Access Control & Stored XSS - Easy Hunt
✍️ [CVE-2019-17674 & CVE-2020-11025] Stored XSS through navigation menu item edited in Customizer in Wordpress (Write Up)
✍️ Stored XSS Leads to Plaintext Password Disclosure
✍️ Arbitary File Upload too Stored XSS - Bug Bounty
✍️ self XSS to stored XSS [ think out the box]
✍️ Microsoft Office 365 Stored XSS
✍️ Stored XSS in Bandcamp
✍️ Stored XSS, CSRF And Clickjacking Vulnerabilities in Opera
✍️ Paypal stored XSS + Security bypass

Frequently Asked Questions

The following are frequently asked questions about common vulnerabilities and security misconfigurations found during bug bounty hunting. Understanding these concepts is crucial for anyone starting their bug hunting journey.

What is an XSS vulnerability? Cross-Site Scripting (XSS) attacks are a type of injection attack in which malicious scripts are inserted into otherwise trustworthy and innocuous websites. XSS attacks occur when an attacker uses a web application to send malicious code to a particular end user, usually in the form of a browser side script. The flaws that enable these attacks to succeed are common and can be found wherever a web application uses input from a user within the output it generates without validating or encoding it.

There are mainly 3 types of XSS:

What is an IDOR vulnerability? When a web application or API exposes a reference to an internal implementation object, it is referred to as Insecure Direct Object Reference (IDOR). This method exposes the element's true identifier and the data format it uses. This is a common access control flaw.

An example would be an API that gives you access to data belonging to other users, through an endpoint - /api/users/:id where an attacker can fetch data of any user by manipulating the id parameter.
What is an SSRF vulnerability? In a Server-Side Request Forgery (SSRF) attack, the attacker can read or update internal resources by abusing server features. The attacker may supply or change a URL to which the server's code can read or send data, and by carefully choosing the URLs, the attacker might be able to read server configuration such as AWS metadata, connect to an internal service, or access sensitive files.
What is a SQLi vulnerability? A SQL injection attack involves inserting or "injecting" a SQL query into the application through the client's input data. An effective SQL injection exploit can read sensitive data from the database, alter database data (Insert/Update/Delete), and even perform database administration operations.
What is an RCE vulnerability? If user input is inserted into a File or a String and then executed (evaluated) by the backend programming language's parser, a remote code execution (RCE) vulnerability can be exploited. A Remote Code Evaluation will result in the entire web application and web server being compromised as it allows an attacker to execute arbitrary commands on the server.
How can I reach you? If you have any feedback or, concerns about this site, I can be reached on Twitter.