Stored XSS via Sanitizer Bypass


Summary

On October 31, 2021, I discovered Stored XSS throught bypass Sanitizer in mail.kakao.com. Since the backend code of the Kakao Mail service is not open source, it was bypassed by guessing based on the return value.


How to find and exploit

Not authorized


Proof of Concept

Not authorized