Before the PoC, I want to say that I just used the site's own functionality to lead the self-XSS to a stored one.
Target: https://developer.zendesk.com
Steps:
- Go to https://developer.zendesk.com/account and, under account information, put the payload in the organization field. Payload: <script>alert(1)</script>
- Here it's a self-XSS, right?
- Now I am going to explain how I made it a stored one.
- After this, the Zendesk team marked it as N/A.
- Then I remembered that there is an autocomplete on that organization field.
- Then I fired up Burp and captured the request made by that form, and I saw that https://developer.zendesk.com/autocomplete.json?name= requests the organization from the DB (all organizations you used before are already saved in the DB).
- So, as I had previously saved the organization name as <script>alert(1)</script>, I started typing <script and autocomplete.json?name= made a request to the DB to retrieve the organization names starting with <script, and then the payload executed.
Then I made a video PoC and sent it to Zendesk; the report was reopened and fixed, and finally a bounty $$
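
An added example, not code from Zendesk or from the original write-up, showing the output-encoding fix for this class of bug: a stored organization name that comes back from an autocomplete endpoint and is rendered into the page. The JSON array response shape, the sample data and all function names are assumptions made for illustration.

```javascript
// Constructed sample of what an autocomplete endpoint could return for the
// prefix "<script" (the response shape is an assumption, not taken from the page).
const sampleResponse = JSON.stringify([
  "<script>alert(1)</script>",
  "Acme & Sons",
]);

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": stored names are concatenated into markup as-is, so a stored name
// becomes live HTML when it comes back as a suggestion.
function renderSuggestionsUnsafe(json) {
  return JSON.parse(json).map((name) => "<li>" + name + "</li>").join("");
}

// "After": every stored name is treated as text and encoded on output.
function renderSuggestionsSafe(json) {
  const names = JSON.parse(json);
  if (!Array.isArray(names)) throw new TypeError("expected a JSON array of names");
  return names.map((name) => "<li>" + escapeHtml(name) + "</li>").join("");
}

// Regression check: does the rendered markup contain any tag other than the
// <li> wrappers that the renderer itself emits?
function containsInjectedMarkup(html) {
  return /<(?!\/?li>)/i.test(html);
}

console.log("unsafe:", renderSuggestionsUnsafe(sampleResponse));
console.log("safe:  ", renderSuggestionsSafe(sampleResponse));
```

Encoding at render time covers names that were stored before any input validation was added, which is why it belongs on the autocomplete output and not only on the account form.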