Untold Story Of Zomato XSS
Yes, you heard right: the untold story of the Zomato XSS.
Thehackingverse | Security Researcher @bugdetectors
10/20/2024


One of our security researchers found a stored XSS in Zomato. Here's the full story of how we found it. While doing penetration testing on a project we were absorbed in the work, and we ordered a few snacks from Zomato. Suddenly we thought, let's do some bug bounty hunting. So we decided to start hunting on Zomato.
The first basic step in a pentest of any web app is to understand the full functionality of the website. We started crawling all the functionality of the Zomato website. After some time spent crawling and understanding Zomato's functionality,
we found one feature where you can register as a partner on Zomato, and after registering as a partner you can send your queries to Zomato's support like this.

Here Zomato offers functionality to upload any image, video, audio or PDF file to share with their support agents. We uploaded our XSS payload file as a PDF and boooommmmm!!!! Our stored XSS payload triggered, like this.
We reported this bug ASAP to the Zomato security team, but unfortunately our report was marked as a duplicate.
But we didn't give up, and we decided we will hunt again and again.
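Two server-side controls that close this upload-to-stored-XSS path, as an added example that is not Zomato's code and assumes nothing about their actual implementation: accept a file only when its leading bytes match the declared type on an allow-list, and serve stored uploads with headers that force a download and forbid script execution. The MIME allow-list and sample bytes are constructed for the example.

```python
# Added example (not Zomato's code): hardening for a support-chat upload
# endpoint that accepts images, video, audio and PDF, the bug class in this post.

# Allow-list of declared types -> (offset, magic bytes) signatures. Anything
# not listed (text/html, image/svg+xml, ...) is rejected outright.
MAGIC = {
    "application/pdf": [(0, b"%PDF-")],
    "image/png": [(0, b"\x89PNG\r\n\x1a\n")],
    "image/jpeg": [(0, b"\xff\xd8\xff")],
    "audio/mpeg": [(0, b"ID3"), (0, b"\xff\xfb")],
    "video/mp4": [(4, b"ftyp")],
}


def sniff_ok(declared: str, head: bytes) -> bool:
    """True only if the declared type is allowed and the leading bytes match it."""
    sigs = MAGIC.get(declared)
    if not sigs:
        return False
    return any(head[off:off + len(sig)] == sig for off, sig in sigs)


def looks_like_markup(head: bytes) -> bool:
    """Reject anything that starts like HTML/SVG, whatever the declared type."""
    lowered = head.lstrip().lower()
    return lowered.startswith((b"<!doctype", b"<html", b"<svg", b"<script", b"<?xml"))


def validate_upload(declared: str, data: bytes) -> bool:
    """Decision for one upload: declared type must be on the list and the
    content must really be that type, so a script file renamed .pdf fails."""
    head = data[:16]
    return sniff_ok(declared, head) and not looks_like_markup(head)


def download_headers(declared: str, stored_name: str) -> dict:
    """Response headers for serving a stored upload: force a download, stop
    MIME sniffing, and deny script execution if it is opened in a tab anyway.
    stored_name is a server-assigned name, never the user's original filename."""
    return {
        "Content-Type": declared,
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed samples: a genuine PDF header versus an HTML document renamed to .pdf.
REAL_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n"
FAKE_PDF = b"<html><body><script>console.log('constructed')</script></body></html>"
```

Serving uploads from a separate origin (a dedicated downloads domain) adds a second layer, since even a file that slips through cannot then read the main site's cookies or DOM.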
Thanks for reading our blog.
Happy Hacking !!
Bug Detectors
You Build, We Hack!
We are a team of security researchers helping the industry stay secure by providing security consultancy and training, drawing on the prior experience of our researchers.