security research
iltosec
writeups & research

1 post
XSS · Injection · Account Takeover · Enumeration
Stored XSS to Full Account Takeover: Chaining a Hybrid Markdown Parser Flaw with localStorage Token Theft
A red team case study showing how an unsanitized hybrid Markdown parser led to stored XSS, and how that XSS was chained with localStorage-based token theft to achieve full admin account takeover.
2026-07-02
7 min read