XSS via file upload
I found XSS via file upload here: I uploaded an SVG file, which was stored in Google Cloud and reflected with XSS.
1) Log in at app.xyz.com
2) Go to online store >> settings >> Email Notification >> Email design
3) Click edit
4) Upload the file with the SVG payload
5) Save the file and open the image in a new tab
But it was marked as a duplicate.
The next day I observed that the bug got patched and we can't do XSS anymore.
But afterwards I saw the URL had changed:
https://images.xyz.com/s/cdn/v1.0/i/m?url=https%3A%2F%2Fstorage.googleapis.com%2Fproduction-xyz-v1-3%2F823%2F1134823%2FUc1iyTw%2Fe843c14e4a5f46c6898aeb3133ea1a30&methods=convert%2Cpng
After URL decoding:
https://images.xyz.com/s/cdn/v1.0/i/m?url=https://storage.googleapis.com/production-xyz-v1-3/823/1134823/Uc1iyTw/e843c14e4a5f42c6898aeb3133ea1a30&methods=convert,png
What if I remove the convert part from the URL?
Oh, we get the pop-up again.
After reporting, it got triaged.
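The lesson of the bypass is that the fix lived in a client-controlled query parameter (`methods=convert,png`), so removing it served the raw SVG again. The following is an added defensive example, not the vendor's code or anything from the report: a hypothetical upload gate plus an image-proxy decision function that sniffs the bytes and rasterizes SVG no matter what `methods` says. The function names, the dict layout and the header choices are my assumptions; the sample files are constructed.

```python
import re
from urllib.parse import urlparse, parse_qs

# Classify by bytes only: never by extension, Content-Type header or query string.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
SVG_ROOT = re.compile(rb"<svg[\s>]", re.IGNORECASE)
# Active-content markers in SVG (script elements, event handlers, javascript: URLs).
SVG_ACTIVE = re.compile(rb"<script\b|\son[a-z]+\s*=|javascript:", re.IGNORECASE)
# Headers served with any user-supplied file the proxy hands out.
SAFE_HEADERS = {"X-Content-Type-Options": "nosniff",
                "Content-Security-Policy": "default-src 'none'; sandbox"}

# Constructed samples (not from the report): a PNG header, a plain SVG and an
# SVG carrying an (empty) script element.
SAMPLE_PNG = PNG_MAGIC + b"\x00" * 16
SAMPLE_SVG_CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
SAMPLE_SVG_ACTIVE = b'<svg xmlns="http://www.w3.org/2000/svg"><script></script></svg>'

def sniff_kind(data: bytes) -> str:
    """Return 'png', 'svg' or 'unknown' from the leading bytes of an upload."""
    head = data[:4096]
    if head.startswith(PNG_MAGIC):
        return "png"
    return "svg" if SVG_ROOT.search(head) else "unknown"

def upload_allowed(data: bytes) -> bool:
    """Upload-time gate: accept PNG, and SVG only when it has no active content."""
    kind = sniff_kind(data)
    if kind == "svg":
        return SVG_ACTIVE.search(data) is None
    return kind == "png"

def plan_response(request_url: str, data: bytes) -> dict:
    """Serving-time decision for .../i/m?url=<storage url>&methods=convert,png.
    `methods` is parsed only for logging; whether an SVG is rasterized depends on
    the sniffed type alone, so dropping `methods` cannot change what the browser gets."""
    requested = parse_qs(urlparse(request_url).query).get("methods", [""])[0]
    kind = sniff_kind(data)
    if kind == "svg":  # always rasterize; the conversion step itself lives in the pipeline
        return {"action": "convert", "content_type": "image/png",
                "headers": SAFE_HEADERS, "requested_methods": requested}
    if kind == "png":
        return {"action": "passthrough", "content_type": "image/png",
                "headers": SAFE_HEADERS, "requested_methods": requested}
    # Unrecognised bytes are never rendered inline by the browser.
    return {"action": "download", "content_type": "application/octet-stream",
            "headers": {**SAFE_HEADERS, "Content-Disposition": "attachment"},
            "requested_methods": requested}
```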