Aneesha D (ohzo)
2 min readMar 3, 2023

Bypassing WAF and got XSS in DOD

Hello all, In this post I will share about the how I found RXSS on DOD.

During my latest security testing, I set my sights on the Department of Defense’s website and chose as my target. My first step was to use subfinder to search for any subdomains associated with the site. Once I had a list of subdomains, I used waybackurls to…

Aneesha D (ohzo)

I am a Software Developer and a Security Researcher with a Bachelor of Engineering in CS.