Self-XSS and they didn’t care

A tale of Self-XSS getting no love.


Self-XSS is hit or miss when submitted to bug bounty programs. Some companies will pay money for it, and others will not. The usual scenario is one where the user must copy and paste the payload themselves. The payload usually never interacts with the backend server and is strictly DOM-based. Most people probably wouldn’t fall for this, but a website like…




Writer, Web Developer, Hacker, and Family man

Adam W.
