Just 5 minutes to get my 2nd Stored XSS on edmodo.com
My overall experience with Edmodo is good. They give quick responses + cool swag + lots of input fields to test.
ZishanAdThandar
April 15, 2019 (Updated: December 9, 2021)
This time it was not planned. I was trying many programs. Suddenly I opened Edmodo, and this time it redirected to new.edmodo.com. I posted my XSS polyglot (as described in my first write-up #540a33349662 ) on a school I had created. This time I posted the payloads in a poll. Then I clicked on my display picture to open my profile, and it redirected me to www.edmodo.com/* . On this domain there was a notification. I clicked the notification and boom, it was there.
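The defender's lesson in the story above is that the poll text was stored on one host (new.edmodo.com) and rendered, unencoded, inside a notification on another (www.edmodo.com), so the fix has to live in the notification template, not only in the poll form. The following is an added example written for this page, not code from the author or from Edmodo: a hypothetical notification template shown in its raw-interpolation form beside a hardened form that encodes every untrusted value for the context it lands in (element body and a double-quoted attribute), plus a small self-check that flags any tag in the output that the template itself did not emit. The `actor`/`pollTitle` fields and the sample notification are constructed for illustration.

```javascript
// Added example, not Edmodo's code. Assumes a hypothetical notification
// template that interpolates user-supplied poll text into an <li> body
// and into its title="..." attribute.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// Encode a value for HTML text and double-quoted attribute contexts.
// Escaping the ampersand first (via a single-pass regex) avoids double-encoding.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: raw interpolation. Whatever was stored with the poll
// is emitted verbatim into the notification markup.
function renderNotificationUnsafe(notification) {
  return (
    `<li class="notification" title="${notification.pollTitle}">` +
    `${notification.actor} created the poll "${notification.pollTitle}"</li>`
  );
}

// Hardened form: every untrusted value is encoded at render time, which
// holds regardless of which host originally accepted the input.
function renderNotificationSafe(notification) {
  const actor = escapeHtml(notification.actor);
  const title = escapeHtml(notification.pollTitle);
  return (
    `<li class="notification" title="${title}">` +
    `${actor} created the poll "${title}"</li>`
  );
}

// Self-check for a rendered fragment: with all untrusted input encoded, the
// only tags present should be the template's own <li ...> and </li>.
// Returns true if any other tag is found (i.e. stored markup leaked through).
function containsUnexpectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !/^<\/?li(\s[^>]*)?>$/.test(tag));
}

// Constructed sample: a poll title and actor name carrying markup, the kind of
// value a stored-XSS test would leave in the poll table.
const SAMPLE_NOTIFICATION = {
  actor: 'student <b>one</b>',
  pollTitle: 'Lunch "><script>x()</script>',
};

// Stand-alone usage: compare both renderings and the self-check verdicts.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderNotificationUnsafe(SAMPLE_NOTIFICATION));
  console.log(containsUnexpectedMarkup(renderNotificationUnsafe(SAMPLE_NOTIFICATION)));
  console.log(renderNotificationSafe(SAMPLE_NOTIFICATION));
  console.log(containsUnexpectedMarkup(renderNotificationSafe(SAMPLE_NOTIFICATION)));
}
```

The self-check is a cheap regression test for templates like this one: run it over rendered notifications in CI with a few markup-bearing fixtures and it catches the exact class of bug described above, where a value that was only ever validated on the input side reaches a second rendering path untouched.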
PoC Video (Subscribe to the channel and share):
Read my methodology on edmodo here #540a33349662 .
Timeline:
Reported on 31st January, 2019
Rewarded on 4th February, 2019
Swag received on 13th February, 2019
About me:
Twitter https://twitter.com/ZishanAdThandar
Youtube https://youtube.com/c/ZishanAdThandar
First writeup: https://medium.com/@ZishanAdThandar/my-first-stored-xss-on-edmodo-com-540a33349662
#bug-bounty #infosec #hacking #swag #web-security