Open in app

Sign in

Write

Sign in

Discovering a Stored XSS: a duplicate one!

Shahariar Amin
2 min readFeb 4, 2025

It was a quiet Sunday evening, and I was browsing my bugcrowd account. Suddenly I found a website that deals with Entertainment. I’ve always been fascinated by how web applications work, and as a budding security enthusiast, I often find myself poking around to see how things are built. Little did I know, this casual exploration would lead me to discover a stored Cross-Site Scripting (XSS) vulnerability that could have had serious implications for the platform and its users.

Let the website is example.com. There is an option where users can upload lyrics of any song. But the policy says, I can only include some html tag in my lyrics like <strong>, <b> etc.

But When I push basic script tag (test<scRipt>alert(document.cookie);</scRipt>)and do some other malicious activities, I notice I didn’t get blocked by any filter, I can Successfully execute my javascript code there.

That means I successfully bypass their Input Validation Policies and execute stored XSS!

But luck wasn’t on my side! I got duplicate…

Happy Hunting and Keep yourself motivated!

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Shahariar Amin
Shahariar Amin

Written by Shahariar Amin

16 Followers
11 Following

Penetration Tester (Web Application),Bug Hunter,CSE student of RUET,Bangladesh.

No responses yet

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams