A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack. Read more
Self-XSS are a very special case of XSS, where the victim and the attacker as one and the same person. The attacker is able to execute an injection in the browser, but only he can do. How to raise and exploit such injection to gain criticality?
tl; dr: Use WYSINWYC technique to.Read more