Posts Tagged "bug bounty"
How I found DOM XSS via postMessage on Bing.com - Microsoft Bug Bounty
The website Bing.com has message event listeners. I found a feature that listens for postMessage with two arguments to update the User header bar with the user's points badge. The following are the steps I took to find the DOM XSS.
Read Post