A big corp marked one of its hosts as not eligible for monetary rewards in their bug bounty program. At the same time they turned this host into an interesting target: hijacking it allows bypassing the same-origin policy. Now how do I convince them that this isn’t a smart move?


It will be a while until I can get to XSS hunting on that host but I expect it to get interesting. On the one hand they have useless CSP with script-src: 'unsafe-inline' and some broken origin checks. On the other hand they are using React. So the chances should be even?


Neat, they are using document.domain. So the attack surface just increased to encompass all of their web properties. *evil laugh*
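The two weaknesses named in this thread (a script-src that still carries 'unsafe-inline', and a page that assigns document.domain) can both be checked mechanically. The following is an added example, not code from either poster or from the site being discussed: a small audit helper that parses a CSP header and scans a script body, with constructed sample inputs.

```javascript
// Added audit helper (not from the thread). Flags two weaknesses a defender
// should check before declaring a host out of scope:
//  1. an effective script-src that permits 'unsafe-inline' with no nonce/hash
//     (browsers ignore 'unsafe-inline' when a nonce or hash is present);
//  2. an assignment to document.domain, which relaxes the same-origin policy
//     to every sibling origin that does the same.

function parseCsp(header) {
  // Map<directive name, source expressions>; a repeated directive is ignored
  // (first occurrence wins), matching browser behaviour.
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

function effectiveScriptSrc(directives) {
  // script-src falls back to default-src; null means scripts are unrestricted.
  return directives.get('script-src') || directives.get('default-src') || null;
}

function scriptSrcAllowsInline(header) {
  const src = effectiveScriptSrc(parseCsp(header));
  if (src === null) return true; // no directive governs scripts at all
  const lower = src.map((s) => s.toLowerCase());
  if (!lower.includes("'unsafe-inline'")) return false;
  // A nonce- or hash-source makes CSP-aware browsers drop 'unsafe-inline'.
  const hasNonceOrHash = lower.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  return !hasNonceOrHash;
}

function setsDocumentDomain(js) {
  // Matches an assignment (not a comparison) to document.domain.
  return /\b(?:window\.|self\.)?document\.domain\s*=(?!=)/.test(js);
}

function auditPage(cspHeader, inlineJs) {
  return {
    inlineScriptsAllowed: scriptSrcAllowsInline(cspHeader),
    relaxesOrigin: setsDocumentDomain(inlineJs),
  };
}

// Constructed sample inputs mirroring the thread's description.
const SAMPLE_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline'";
const SAMPLE_JS = "document.domain = 'example.com'; // hypothetical page script";
```

auditPage(SAMPLE_CSP, SAMPLE_JS) reports both findings as true; a policy that adds a nonce to script-src, or a page that drops the document.domain assignment, clears the corresponding flag.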

@WPalant It's OK, we'll just tell the fire it's illegal for it to spread past this county line.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.