Stored XSS: Non-Privileged User to Anyone Using QR Code


Hello guys👋👋, Prajit here from the BUG XS Team. Recently I got a valid Stored XSS (P2) via a QR Code on a Bugcrowd private program; in this write-up I will discuss how I found it. Hope you enjoy it 😉!


So first, before jumping directly into the steps, let me give a short gist of Stored XSS for those who don't know it.


What is Stored XSS?


Stored XSS, aka Persistent XSS or Type-I XSS, generally occurs when user input is stored on the target server, such as in a database, a message forum, a visitor log, a comment field, etc., and is later returned to other users' browsers without proper output encoding, so the stored payload runs in every viewer's session.


With the advent of HTML5 and other browser technologies, we can also envision the attack payload being permanently stored in the victim's browser, such as in an HTML5 database, and never being sent to the server at all.


Moving On to the Main Find


So one of the subdomains of the program I received had a feature for styling a page of the app by adding different features and styles.


Feature Page

In there, in each and every section like "Name", "A little about yourself", etc., I injected the XSS payload "><img src=x onerror=alert(document.cookie)>


Injected Payload

Now, as I clicked on "Add Content", I got the XSS pop-up.


Payload Executed

But here, as you can see, it has no GET parameters or anything, not even a share feature, which I could use to send this to another user; otherwise this is, right now, a Self Stored XSS, which is a P5/no-impact vulnerability ☹️.


So I started looking for ways in which I could increase the impact, or any method by which I could send this page to other users. Then the QR Code in the top right corner caught my eye 🧐, so I thought of testing it.


As soon as I scanned this QR Code it opened up a site in which my XSS payload executed 😍, so finally I had converted the Self XSS into a Non-Self XSS, hence now P2 severity 😈.


Non-Self Executed XSS
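The rendering bug behind this find, as an added example that is not code from the original write-up or from the affected program: a tiny "feature page" renderer that concatenates the stored profile fields straight into HTML, next to a hardened version that HTML-encodes them, plus the check a test suite would use to tell the two apart. The field names, the markup and the helper functions are assumptions for illustration; only the payload is the one from the write-up. The QR code adds nothing to the injection itself: the code that opened a site when scanned simply carried the URL of the page, so whoever scans it loads the stored payload in their own browser, which is what turns the self XSS into a stored XSS against anyone.

```javascript
// Added example, not the program's or the author's code. It models the bug
// described in the write-up: stored profile fields rendered into a public
// page without output encoding. Field names and markup are assumptions.

// The payload from the write-up (constructed sample input).
const PAYLOAD = '"><img src=x onerror=alert(document.cookie)>';

// Vulnerable renderer: stored fields are concatenated straight into the page.
// The leading `">` in PAYLOAD closes the value attribute and the <input> tag,
// so everything after it is parsed by the browser as new markup.
function renderVulnerable(profile) {
  return '<div class="feature-page">' +
    '<input type="text" name="name" value="' + profile.name + '">' +
    '<p class="about">' + profile.about + '</p>' +
    '</div>';
}

// Minimal HTML entity encoder, safe for text and double-quoted attribute
// contexts (not for URLs, scripts or unquoted attributes).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened renderer: every stored field goes through escapeHtml() before it
// is placed in the page, so the payload stays data instead of becoming markup.
function renderHardened(profile) {
  return '<div class="feature-page">' +
    '<input type="text" name="name" value="' + escapeHtml(profile.name) + '">' +
    '<p class="about">' + escapeHtml(profile.about) + '</p>' +
    '</div>';
}

// Test-suite style check: list the element names that actually open in the
// rendered markup. Untrusted input must never add elements beyond the
// template's own. Grepping for "onerror=" would be the wrong check: that
// string also survives in the hardened output, harmlessly, as text.
function openedTags(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)\b/g), (m) => m[1].toLowerCase());
}

// True when rendering `profile` opens more elements than rendering empty fields.
function injectsMarkup(render, profile) {
  const templateTags = openedTags(render({ name: '', about: '' }));
  const tags = openedTags(render(profile));
  return tags.length !== templateTags.length;
}

// Constructed attacker profile: the payload in every editable section,
// exactly as the write-up did it.
const ATTACKER_PROFILE = { name: PAYLOAD, about: PAYLOAD };

console.log('vulnerable injects markup:', injectsMarkup(renderVulnerable, ATTACKER_PROFILE));
console.log('hardened injects markup:  ', injectsMarkup(renderHardened, ATTACKER_PROFILE));
console.log(renderVulnerable(ATTACKER_PROFILE));
console.log(renderHardened(ATTACKER_PROFILE));
```

Running it prints true for the vulnerable renderer and false for the hardened one; in the vulnerable output you can see the attribute being closed early (value="">) followed by the injected img element, which is exactly the pop-up seen on "Add Content". The same rendered page, served at the URL the QR code carries, is what every scanner receives.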

Takeaway

Whenever you get a Self Stored XSS, try to increase the impact by testing the other available functionalities.


So this is all about this write-up; hope you liked it. If you found this informative, do not forget to clap 👏, and do let me know if you have any doubts ✌️. I am also planning a new series of write-ups which I will start soon, so stay tuned and hit that follow button.


Thanks For Reading😊

