https://prashantb.dev/tags/bug-bounty/ Recent content in bug bounty on Blogs by Prashant B. https://pixabay.com/get/g61a93d93efd9be3f89af90a3a3ab09f5038e2fc845bfef9652e193a7f23b33417194e775640fe162bc43a33a0b3e36b5e6745f714d647cb155079bc5f89883e9ef93b7db818730f01c5b6a29ebb77cd9_640.png https://pixabay.com/get/g61a93d93efd9be3f89af90a3a3ab09f5038e2fc845bfef9652e193a7f23b33417194e775640fe162bc43a33a0b3e36b5e6745f714d647cb155079bc5f89883e9ef93b7db818730f01c5b6a29ebb77cd9_640.png Hugo -- 0.118.2 en Sun, 25 Aug 2024 21:42:52 +0530 https://prashantb.dev/posts/stored-svg-xss/ Sun, 25 Aug 2024 21:42:52 +0530 https://prashantb.dev/posts/stored-svg-xss/ Hi, hope you guys doing great! Here is a story about me finding a stored XSS using SVG files. Approach Found a target that has many features which included Discussion, Discovery, Mixtapes, Shorts, Activity and what not. I went ahead with looking at user dashboard. Why would I look for xss at a user dashboard where only I am the visitor? Nice Question! If I found XSS there then it would be considered a self XSS.