This blog post is about a complete failure that resulted in a win. In IRC I noticed people chatting about the offensive-security.com bug bounty. As they are the provider of what are meant to be some of the best security courses and certificates in the business, I looked fondly towards this as a great challenge. I decided to set aside 2 or 3 hours this evening to have a poke at their sites.
More here: http://makthepla.net/blog/=/plesk-sso-xxe-xss