ASafety » 2017

A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.

This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack.

[Contribution] Mozilla – HTTP Response Spliting, Reflected & Stored XSS

Recent Posts

[BreizhCTF 2k19] Write-Up – Web : OctogoneBoobaKaarris

(Français) [BreizhCTF 2k18] Write-Up – Web : Basique Simple Simple Basique

(Français) [BreizhCTF 2k18] Write-Up – Web : Chinoiseries

Popular Posts

[PoC-XSS] Leveraging Self-XSS via WYSINWYC

[Contribution] Mozilla – HTTP Response Spliting, Reflected & Stored XSS

[BreizhCTF 2k19] Write-Up – Web : OctogoneBoobaKaarris

Recent Comments