Stored XSS on edmodo

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 12 hours ago · vulnerability
quality 6/10 · good
0 net
AI Summary

A stored XSS vulnerability was discovered on Edmodo's library feature where folder names were not properly sanitized on a specific endpoint, allowing an attacker to inject malicious JavaScript payloads that execute when the folder URL is accessed.

Tags
stored-xss xss bug-bounty vulnerability-disclosure input-sanitization web-application payload-bypass
Entities
Edmodo Rohit Verma
Stored XSS on Edmodo | by Rohit Verma - Freedium Milestone: 20GB Reached We’ve reached 20GB of stored data — thank you for helping us grow! Patreon Ko-fi Liberapay Close < Go to the original Stored XSS on Edmodo Hello everyone, I believe sharing is caring, and I have been learning from multiple security researchers in the Infosec community. So here… Rohit Verma Follow ~1 min read · May 28, 2019 (Updated: December 10, 2021) · Free: Yes Hello everyone, I believe sharing is caring, and I have been learning from multiple security researchers in the Infosec community. So here is the write-up of my recent finding. The web application allows you to create a virtual library. In the library, you can add files, folder , links, quiz. And when a user adds the name to the folder with evil chars, it was sanitized correctly. After hours of enumeration, I found another endpoint where only the folder name was getting reflected, and it was not correctly being sanitized. Below are the steps to reproduce the stored XSS vulnerability: 1: Open Https://edmodo.com/library 2: Make a new folder 3: Input this payload "
← Back to stories