Stored XSS on Indeed

I’m Tirtha Mandal from Kolkata, currently staying in Hyderabad. I’m a software engineer. I do bug hunting during my free time. This is my first write-up on Bug Bounty. In this write-up, I’m going to share how I got stored XSS on Indeed.

What is Stored XSS?
Stored cross-site scripting (also known as second-order or persistent XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way.


Now let’s dig into the whole process. So one night, I decided to hunt on big scopes like Indeed, Jet or Paypal, etc. I choose Indeed as my target. I checked the Indeed page on Bugcrowd. It looks like a little bit challenge to me. 

Indeed is having lots of subdomains. Then I started poking around the main domain like creating an account, posting job, etc. I fill most of the input field with XSS payload along with the field name. While I doing this watched something like this

I thought like why not add additional email. So I added a temp email and proceed with the next steps. Suddenly I checked my temp email box and got an email like this

So I clicked on Accept Invite. As I don’t have an account on the specified email, Indeed asked for a password to signup. After that when I clicked on Create Account I got a pop-up with the Company Name Field. 
YAAYYYY!!! Stored XSSSSS!!! 

Within one hour it got triaged. Indeed rewarded $1500 for this.

Thank you all for reading my first write-up. I hope you all like it.
Happy hunting ❤

Reported on 8th June’2019
Triaged on 8th June’2019
Rewarded $1500 on 26 June’2019

About me:


Leave a Reply