Key learning from this report

We can learn the following from this report:

  • An XSS vulnerability does not have to sit in a parameter that is visible in the original request; test every other request as well, including requests that are not generated by the web page you are looking at.
  • Fransrosen went to great lengths to explain the attack surface of the vulnerability to the program owners, showing how a self XSS becomes a stored XSS, and the program's response shows that this was greatly appreciated. He first invited the team member to the report, then downloaded a Mac clipboard application and took the time to reproduce and verify the vulnerability for the team.
  • Even though the bounty was not large, the vulnerability was well documented and convincingly proven, which was effective for long-term engagement with the team.
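The first lesson, that the dangerous field may be one the user never sees in the form, is easiest to appreciate from the defender's side. The following is an added illustration written for this summary; it is not code from the report or from the program in question. It assumes a hypothetical post with a visible `title` field and a non-visible `pasted_html` field that page-side script fills from a rich-text paste (both names, and the sample payload, are constructed). The vulnerable renderer escapes only what a tester would see in the form, so a value a user pastes in themselves (a self XSS) is served unescaped to every later viewer (a stored XSS); the fixed renderer escapes every field on output regardless of where it came from.

```python
import html

# Constructed sample submission. "title" is the field a user sees in the
# form; "pasted_html" is filled in by page-side JavaScript from a rich-text
# paste and never appears as a visible input. The payload is constructed.
SAMPLE_POST = {
    "title": "Weekly report",
    "pasted_html": "Hello <script>alert(1)</script> world",
}

# Fields a tester would notice in the HTML form (hypothetical).
VISIBLE_FIELDS = {"title"}


def render_vulnerable(post: dict) -> str:
    """Escape only the visible fields; non-visible ones go out verbatim.

    A value stored in a non-visible field, even one the user pasted in
    themselves, is served unescaped to everyone who views the post, which
    is what turns a self XSS into a stored XSS.
    """
    parts = []
    for name, value in post.items():
        if name in VISIBLE_FIELDS:
            value = html.escape(value, quote=True)
        parts.append(f'<div data-field="{name}">{value}</div>')
    return "\n".join(parts)


def render_fixed(post: dict) -> str:
    """Escape every field on output, whether or not the UI exposes it."""
    return "\n".join(
        f'<div data-field="{html.escape(name, quote=True)}">'
        f"{html.escape(value, quote=True)}</div>"
        for name, value in post.items()
    )


def contains_raw_tag(rendered: str, tag: str = "<script") -> bool:
    """Crude check used only to contrast the two renderers."""
    return tag in rendered


if __name__ == "__main__":
    print("vulnerable:\n" + render_vulnerable(SAMPLE_POST))
    print("fixed:\n" + render_fixed(SAMPLE_POST))
```

The check to carry into a review is the shape of `render_fixed`: output encoding is applied by the renderer to every value it emits, not by a per-field allow list that has to be kept in sync with whatever the UI happens to show.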