Self-XSS and $$$?
A total of 34 people participated in this survey and 62% of the participants said
Self-XSS is considered P5 in the Bugcrowd VRT. Of course, this changes for each bug bounty program. Although self-XSS is usually not accepted, it is sometimes accepted and rewarded with a bounty or only rep/kudos. The public HackerOne reports below illustrate this.
1. Go to https://(domainname).slack.com/services/new 2. In the searchbar, type an XSS payload (I used ) 3. Hit Enter 4… (hackerone.com)
There is a stored self-XSS vulnerability at m.uber.com in displaying the uber invite code. If the user sets the invite… (hackerone.com)
Hi I have found an XSS in Slack. To reproduce the issue, just follow this: 1. Go to your Slack account (accountname… (hackerone.com)
Also, when you find a self-XSS in an app, you should try to turn it into a more valuable XSS using login CSRF, clickjacking, etc. The following write-ups on this topic are great reads!
As an attempt to contribute for Google's Rewarding Web Application Security Research, I started working on Google Code… (amolnaik4.blogspot.com.tr)
The technique is listed as a contestant in Top 10 Web Hacking Techniques of 2011 poll. Clickjacking needs some loving… (blog.kotowicz.net)
Now that the Uber bug bounty programme has launched publicly, I can publish some of my favourite submissions, which I… (whitton.io)
so this post is about one of my most interesting find while participating in bug bounty programs, yes interesting as… (www.geekboy.ninja)
Self-XSS is a curious case of cross-site scripting: an attacker is able to execute code in the browser, but only he/she… (brutelogic.com.br)
We know that accurate results cannot be reached with so few responses. We hope to provide more accurate information with more responses. Stay tuned! ^_^