Weaponizing XSS

• https://www.trustedsec.com/blog/tricks-for-weaponizing-xss/

• https://portswigger.net/web-security/cross-site-scripting/dangling-markup

• https://int0x33.medium.com/day-35-xss-payloads-217ab6c6ead7

• https://labs.f-secure.com/blog/getting-real-with-xss/

• https://cube01.io/blog/Moodle-DOM-Stored-XSS-to-RCE.html

• https://medium.com/@nnez/always-escalate-from-self-xss-to-persistent-xss-on-login-portal-54265b0adfd0

• https://cirius.medium.com/escalating-xss-to-account-takeover-ffde08624937

• https://www.trustedsec.com/events/webinar-popping-shells-instead-of-alert-boxes-weaponizing-xss-for-fun-and-profit/?utm_content=109784370&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306

• https://medium.com/@Ch3ckM4te/self-xss-to-account-takeover-72c89775cf8f

• https://hackerone.com/reports/314518

• https://infosecwriteups.com/chain-of-low-level-bugs-and-misconfigurations-leads-to-account-takeover-de248fc4e481

• https://medium.com/@ephreet/creatively-chaining-xss-techniques-eb5503e15d2e

• https://hackerone.com/reports/534450

• https://hackerone.com/reports/340431