Self-Stored XSS by Adding and Removing Access Tokens (Bug Bounty Writeup)

Morning bro.

In this moment, I want to share a writeup for Self-Stored XSS Vulnerability what I found on pass week. In this case XSS can be triggered twice, by adding and removing Access Tokens. So, here we go.

What is Cross-site Scripting (XSS)?

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data. (Source: Portswigger)

Stored Cross-site Scripting

Stored XSS (also known as persistent or second-order XSS) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. The data in question might be submitted to the application via HTTP requests; for example, comments on a blog post, user nicknames in a chat room, or contact details on a customer order. In other cases, the data might arrive from other untrusted sources; for example, a webmail application displaying messages received over SMTP, a marketing application displaying social media posts, or a network monitoring application displaying packet data from network traffic. (Source: Portswigger)

At that time, I tried doing several vulnerability scanning but got no results. I was tired and lazy to carry out deeper vulnerability scanning again. But, I’m a little curious about the Access Tokens menu.