Collaborate Disseminate
Let’s say a website contains the following <script> tag and does not have a CSP blocking any execution here.
<script type="text/javascript">
document.write(location.href)
</script>
At first glance, this code … Continue reading XSS in document.write(location.href)
I have found parameter that simply reflects into response body, but no Content-Type is specified by server. It doesn’t use any XSS-protection mechanisms like CSP or X-XSS-Protection. However, I was not able to fire payload in up-to-date Ch… Continue reading Reflected XSS but no Content-Type is specified
When I was making my PicoBlaze Simulator in JavaScript, I added 6 examples of how to use it. Those examples are on my GitHub profile, they are the .psm (PicoBlaze Assembly) files. I decided not to hard-code the links to those .psm files in… Continue reading Why don’t Internet browsers allow me to fetch a JSON file from raw.githubusercontent.com, but they allow me to fetch .psm files from there?
I’m talking specifically about the HTML Sanitizer API: https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API
The API allows you to configure the sanitizer with a list of allowed elements and attributes. Script tags are remove… Continue reading Are there any html Sanitizer() API configs that allow javascript execution?
The application is responding using the user supplied request but the content type is set as application/json. Is it possible to trigger still XSS?
This is a language neutral question, it can be Java,PHP,ASP,Node,Python, etc.
The X-Content… Continue reading With Response header having content-type: application/json, is it still possible to trigger XSS?
Sometimes we’re solving some challenges with friends like "Intigriti Monthly Challenges", do you guys have any other alternatives? I like this concept but Intigriti is monthly and others are not updated, solving them is fun, but … Continue reading Alternative Monthly Challenges
I have been researching various common techniques for preventing CSRF attacks, such as SameSite, Secure, and CSRF Tokens, and how they can be bypassed. I found that the following vulnerabilities exist:
A website’s subdomain or sibling dom… Continue reading Can strict ‘Referer’ validation also be bypassed with vulnerable subdomains?
Millions of WordPress-powered websites are using the Advanced Custom Fields and Advanced Custom Fields Pro plugins, which security researchers say have been vulnerable to cross-site scripting (XSS) attacks. Continue reading WordPress plugin vulnerability puts two million websites at risk
I was in a bug bounty. I can’t be sure of this problem because it’s all over the website.
Will this be harmful for the organization?
When I exit the angular brackets and paste the payload, it pops up an alert:
Continue reading What defines an XSS vulnerability? (my case) [closed]
const scriptElement = document.createElement(‘script’);
// Set the source (src) attribute
scriptElement.src = ‘/evil.js?’+decodeURI(urlParams[‘sync’]);
// Append the script element to the HTML document
document.body.appendChild(scriptEle… Continue reading Is this code vulnerable to DOM XSS?