Collaborate Disseminate
I recently developed a website that was operational for me ^^
However, someone came to try injections and found an XSS flaw.
I have a form like this:
<h2>
<span>Search</span>
</h2>
<div class "col-xs-12&… Continue reading What are the risks of XSS in this forms?
It is known that in modern browsers you can’t run XSS in img src(assuming quotes are escaped), because neither javascript: protocol, nor svg will execute the code. But does it mean that trusted data with filtered quotes is unable to cause … Continue reading Vulnerabilities in img src
The thermal printer is ubiquitous in today’s world, mostly found whenever we have to get a receipt from somewhere. They’re cheap, fast, and easy to use. Not only that, though, …read more Continue reading A Dungeon Master with a Thermal Printer
You can execute the following JavaScript in a web browser console (Chrome or Edge) and get a floating WhatsApp button in the bottom of the screen.
If you click the link, you get about:blank#blocked instead a WhatsApp message window.
Why is… Continue reading Why do Chrome and Edge web browsers block a WhatsApp button? [closed]
I am performing penetration testing on a web application. Let’s say the site as "https://example.com"
There is a comment field , where a user can add data and it will be shown in the same page.
So I was trying multiple payloads a… Continue reading How to turn this particular HTML rendering into a XSS or open redirection
I think I have a working DOM XSS attack, but it only works when I run this command in the console:
document.write("<OPTION value=1>"+decodeURIComponent(document.location.href.substring(document.location.href.indexOf("… Continue reading DOM XSS only works when I enter a command in the console [closed]
I am looking to figure out how to create an iFrame tag without any spaces. I have found an input on a Bug Bounty program that reflects my input back into the page, and allows me to escape double quotes and an angle bracket. The page has X… Continue reading Can you have an <iframe> tag with no spaces?
I have made a website to control a couple of things at home. I haven’t bought any domain, since this is just going to be for myself.
Right now, I use my public IP address and a port to access my website, however, this can only be done at h… Continue reading Node.js website security for personal use [closed]
I operate a blog using Google’s Blogger platform about programming. I use highlight.js for syntax highlighting, and now on my posts I see the console warning: One of your code blocks includes unescaped HTML. This is a potentially serious s… Continue reading "One of your code blocks includes unescaped HTML." JS console security warning
I was was inspecting elements in a website and I randomly stumbled onto this piece of code .
</style><meta name="add-styles-here"/><meta name="add-scripts-here"/></head><body><kbn-csp da… Continue reading Risk of injecting a malicious script/code?