How I got stored XSS on the ADMIN panel ?
Hey guys, so I am back with a new post this time. Recently I was assigned a penetration test for a certain client. I have written another post on my CSRF findings in this penetration test. If you haven't read that post, I recommend checking it out here , so that you can understand the application flow and how a user can interact with the ADMIN. I don't want to make it a long post by repeating the same things I did in the last post. Let's get to the main point then. In the application, the ADMIN can invite a user who would then sign up through that link. The main thing I noticed here, was that this user could also, update the settings page for the company. He could change the company name also. The company name was being reflected on the page and I immediately thought that it seems a perfect place for finding XSS vulnerabilities. So I started trying different XSS payloads there, but it was filtering most of the stuff I could think of. If I