
Deconstructing the Escalation Path: From a Benign Self-XSS to Admin Access
The Setup

There's this SaaS product I’d been testing — let’s call it WorkspaceX. It’s a platform for managing coworking spaces: bookings, memberships, internal communication, the works. Pretty well put together. Each space gets its own subdomain, like: Admins can create membership plans with different…