Stored XSS on LaporBug.id

Learn System Security - Stored XSS on LaporBug.id ~
LaporBug.id is a Bug Bounty Platform from Indonesia, for more info about LaporBug.id you can open https://laporbug.id/.

I take a few minutes to look around LaporBug.id and check every single URL, parameter, form.
On this page, we have a form to upload a profile image.
When I upload my profile image, I try to change the extension of my image.
When I change the extension with .html, no errors and my file successfully uploaded on the server.
I also tried some sensitive extension like .php / .php5 / .phtml / .PhP;.png / .php%00.png but blocked by server:(

Don't worry, we still can use .html to make Stored XSS.
Next, I put an XSS Payloads on my image with exiftool.

Payloads: "><img src=1 onerror=confirm(document.domain)//>
**BOOM**

Thanks for:

#HappyHacking

0 comments