Stored XSS in Yahoo!

Sharing is Caring :)
When we share, we open doors to a new beginning…
Well, this is Shahzada Al Shahriar Khan. And I am from Bangladesh.
Now I am going to share how I found Stored Cross-Site Scripting (XSS) in Yahoo.

Steps to Reproduce:
And comment this payload: "><img src=x onerror=confirm(1);&gt

Now what? Voila! We get the famous confirm(1) to pop up! :D

I tried another payload so that I could write something in the popup box, and found this payload: <img src=x onerror=prompt(1337)>

That moment I felt like a boss!

Here is the video PoC:


31/03/2018 — Initial Report.
01/04/2018 — HackerOne staff asked for ‘Needs more info.’
01/04/2018 — More Info Submitted.
04/04/2018 — Triaged and a $300 initial bounty rewarded.
06/04/2018 — Bug Resolved.
11/04/2018 — $1700 bounty rewarded. (Total $2000)
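For readers fixing this class of bug, the following added example (not code from the original post or from Yahoo) renders a stored comment with and without output encoding and checks the result for injected event-handler tags. The comment template, the `title` attribute sink and all function names are assumptions made for illustration; the post does not say where the comment was rendered.

```javascript
// Added example: constructed template and helper names, not Yahoo's code.
// The two payloads from the write-up; the first is written here ending in '>'.
const PAYLOADS = [
  '"><img src=x onerror=confirm(1)>',
  '<img src=x onerror=prompt(1337)>',
];

// Vulnerable: the stored comment is concatenated into a quoted attribute
// value and into element content with no encoding.
function renderUnsafe(comment) {
  return `<div class="comment" title="${comment}"><p>${comment}</p></div>`;
}

// Encode the characters that can change the HTML parsing context.
function encodeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderSafe(comment) {
  const safe = encodeHtml(comment);
  return `<div class="comment" title="${safe}"><p>${safe}</p></div>`;
}

// Simplified tag scanner for regression tests: returns the tags in `html`
// that carry an inline on* handler, skipping markup inside quoted attributes.
function findHandlerTags(html) {
  const found = [];
  for (let i = 0; i < html.length; i++) {
    if (html[i] !== '<' || !/[a-z]/i.test(html[i + 1] || '')) continue;
    let j = i + 1;
    let quote = null;
    for (; j < html.length; j++) {
      const ch = html[j];
      if (quote) { if (ch === quote) quote = null; }
      else if (ch === '"' || ch === "'") quote = ch;
      else if (ch === '>') break;
    }
    const tag = html.slice(i, j + 1);
    const unquoted = tag.replace(/"[^"]*"|'[^']*'/g, '""');
    if (/\son[a-z]+\s*=/i.test(unquoted)) found.push(tag);
    i = j;
  }
  return found;
}

for (const p of PAYLOADS) {
  console.log(findHandlerTags(renderUnsafe(p)).length, findHandlerTags(renderSafe(p)).length);
}
```

In the unencoded output the `">` prefix lets the first payload escape the quoted attribute as well as the element body, while the second only becomes a tag in the body; with encoding applied, neither produces a tag.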

My previous write-up: 

XSS in (Reflected)

Hello guys, this is Shahzada Al Shahriar Khan. Known as TheShahzada.
I am from Bangladesh. And I am a newbie in Bug Bounty. :P
Well, now I will share how I found Reflected Cross-Site Scripting (XSS) in main & sub domain of Yahoo.

Vulnerable URL:

Payload I Use:



Yahoo Canada Subdomain

Video PoC:

Aug 12th - I Submitted The Report.
Aug 15th - Triaged The Report & Rewarded Me $300 Initial Bounty.
Aug 16th - Resolved
Aug 24th - $400 Bounty Rewarded.