Stored XSS on Indeed

Hey,
I’m Tirtha Mandal from Kolkata, currently staying in Hyderabad. I’m a software engineer. I do bug hunting during my free time. This is my first write-up on Bug Bounty. In this write-up, I’m going to share how I got stored XSS on Indeed.

What is Stored XSS?
Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.

Source:- https://www.imperva.com

Now let’s dig into the whole process. So one night, I decided to hunt on big scopes like Indeed, Jet, PayPal, etc. I chose Indeed as my target. I checked the Indeed page on Bugcrowd. It looked like a bit of a challenge to me.

Indeed has lots of subdomains. Then I started poking around the main domain, creating an account, posting a job, etc. I filled most of the input fields with an XSS payload along with the field name. While I was doing this, I saw something like this

I thought, why not add an additional email? So I added a temp email and proceeded with the next steps. Suddenly I checked my temp email inbox and got an email like this

So I clicked on Accept Invite. As I didn’t have an account on the specified email, Indeed asked for a password to sign up. After that, when I clicked on Create Account, I got a pop-up with the Company Name field.
YAAYYYY!!! Stored XSSSSS!!! 

Within one hour it got triaged. Indeed rewarded $1500 for this.
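The flow above, modeled as an added example (not Indeed's code and not part of the original write-up): a company name saved at job-posting time is later rendered on the invited user's account-creation page, first concatenated as-is and then HTML-encoded at output. The in-memory store, all function names and the sample value are assumptions constructed for illustration.

```javascript
// Added example: hypothetical model of the stored-then-rendered flow.
// employers, saveCompanyName, renderInvitePage* and tagsIn are assumed names.
const employers = new Map(); // stands in for the application's database

// Constructed sample input: markup tagged with the field name it was typed into.
const SAMPLE_COMPANY_NAME = "Acme<script>alert('companyName')</script>";

// Step 1: the employer submits "Company Name"; the value is stored unchanged.
function saveCompanyName(employerId, companyName) {
  employers.set(employerId, { companyName });
}

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Step 2 (vulnerable): a later response to a different user embeds the stored value raw.
function renderInvitePageUnsafe(employerId) {
  const { companyName } = employers.get(employerId);
  return `<h1>Create your account to join ${companyName}</h1>`;
}

// Step 2 (hardened): the same page, with the stored value encoded at output time.
function renderInvitePageSafe(employerId) {
  const { companyName } = employers.get(employerId);
  return `<h1>Create your account to join ${escapeHtml(companyName)}</h1>`;
}

// Regression helper: list the element names a browser would parse from the markup.
function tagsIn(html) {
  return [...html.matchAll(/<([a-z][a-z0-9]*)/gi)].map((m) => m[1].toLowerCase());
}

saveCompanyName('employer-1', SAMPLE_COMPANY_NAME);
console.log(tagsIn(renderInvitePageUnsafe('employer-1')));
console.log(tagsIn(renderInvitePageSafe('employer-1')));
```

The encoding here covers HTML text and quoted-attribute contexts only; a value placed inside a script block, URL or style needs the encoder for that context.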

Thank you all for reading my first write-up. I hope you all like it.
Happy hunting ❤

Timeline:-
Reported on 8th June’2019
Triaged on 8th June’2019
Rewarded $1500 on 26 June’2019

About me: https://cyberzombie.in/about
Twitter: https://twitter.com/tirtha_mandal
FB: https://www.facebook.com/tirtha.mandal.7106
Insta: https://www.instagram.com/tirtha_mandal/
