Hacking — Always Check the Cross-domain Policy
Concise tip: When testing a new target, always check its cross-domain policy, usually located at /crossdomain.xml! If you can find a subdomain/DNS takeover on a site listed in <allow-access-from> in that policy, you’ve just bypassed Same Origin…
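An added example, not from the original post: a small Python audit a site owner can run over their own crossdomain.xml. It lists each <allow-access-from> entry, flags wildcards and secure="false", and returns the domains whose DNS records and hosting should be confirmed as still owned. The sample policy, its domains, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy; the domains are placeholders, not taken from the page.
SAMPLE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="www.example.com"/>
  <allow-access-from domain="*.cdn.example.net"/>
  <allow-access-from domain="legacy.example.org" secure="false"/>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""


def audit_policy(xml_text):
    """Return one finding per <allow-access-from> entry in the policy."""
    root = ET.fromstring(xml_text)
    findings = []
    for entry in root.iter("allow-access-from"):
        domain = entry.get("domain", "").strip().lower()
        notes = []
        if domain == "*":
            notes.append("any origin is trusted")
        elif domain.startswith("*."):
            notes.append("every subdomain is trusted and must stay under your control")
        # The secure attribute defaults to true when absent.
        if entry.get("secure", "true").strip().lower() == "false":
            notes.append("secure=false lets HTTP origins read HTTPS content")
        findings.append({"domain": domain, "notes": notes})
    return findings


def domains_to_verify(findings):
    """Trusted domains whose DNS and hosting should be checked for ownership."""
    names = set()
    for finding in findings:
        domain = finding["domain"]
        if domain in ("", "*"):
            continue  # nothing specific to look up
        names.add(domain[2:] if domain.startswith("*.") else domain)
    return sorted(names)


if __name__ == "__main__":
    results = audit_policy(SAMPLE_POLICY)
    for finding in results:
        print(finding["domain"], "->", "; ".join(finding["notes"]) or "ok")
    print("verify ownership of:", ", ".join(domains_to_verify(results)))
```

Every domain returned by `domains_to_verify` is part of the site's trust boundary, so an entry pointing at a decommissioned host or an unclaimed DNS record should be removed from the policy.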