[Contribution] Mozilla – HTTP Response Spliting, Reflected & Stored XSS
                                            Posted by: Yann C.  /  
                                            Category:  / Contributions / Cryptology / HRS / Opensource / Vulnerabilities, exploits and PoC   /  
                                            1 Comment                                        
                                    
03
                                        Apr
                                        2017
                                    A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.
This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack. Read more



