> Since both hosts were behind the same loadbalancer, it was possible to cache files hosted on redacted-cdn.com under assets.redacted.com, inherently allowing me to move the vulnerable html file on a different domain and achieve xss under a different origin.
Oof that Fastly XSS seems particularly nasty, and no mention of the bounty.
Am I understanding correctly that any website hosted on Fastly was vulnerable to XSS because of this?
Oof that Fastly XSS seems particularly nasty, and no mention of the bounty.
Am I understanding correctly that any website hosted on Fastly was vulnerable to XSS because of this?