
Very cool. I love seeing bug bounty write-ups, especially XSS. They always seem so easy to find (but that's just confirmation bias, I don't get to see the hours of testing and rabbit trails that go nowhere).



In my experience they are usually found after finding something weird by accident. Then the real challenge is to exploit that flaw (in this case with the text editor).


I can confirm this, I've found a lot of stuff by accident during my years doing bug bounty.



