Aneesha D (ohzo)
Mar 3, 2023

Bypassing WAF and getting XSS in DOD

Hello all. In this post I will share how I found RXSS on DOD.

https://hackerone.com/reports/1834042

During my latest security testing, I set my sights on the Department of Defense’s website and chose example.com as my target. My first step was to use subfinder to search for any subdomains associated with the site. Once I had a list of subdomains, I used waybackurls to…

Aneesha D (ohzo)

I am a Software Developer and a Security Researcher with a Bachelor of Engineering in CS.