Blind XSS via SMS Support Chat — $1100 Bug Bounty!

Chevon Phillip
1 min read · Apr 3, 2023

Hello Hunters, this is a quick write-up on how my blind XSS payload executed within an internal support portal via an SMS support chat.

This company (example.com) had a support site allowing users to submit a support ticket. You can create a support ticket in three ways:

  1. Email Support
  2. Phone Call Support
  3. Text message (SMS) support

Option 3 stood out to me, and I decided to play around with this option. After a few minutes of creating a ticket, I…
