How I found DOM XSS via postMessage on bing.com and received a reward from Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
Ah, DM is closed, so I am asking it here. When you're looking for postMessage, you look at those global listeners and go to the code, find addEventListener("message, and then you look for sources? Like window.open after the code that has message? I didn't understand.
For a quick summary of all listeners on a website, you could use the browser extension github.com/fransr/postMes… Quick look to find: .innerHTML or window.open or other sinks in my slides.
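As an added example (not from the tweets, the linked blog post, or bing.com's code): the listener pattern the reply above says to look for, a `message` handler whose data reaches `.innerHTML`, next to a hardened version, plus a URL check for `window.open`-style sinks. The origin allowlist, message shape, and function names are hypothetical.

```javascript
// Added example; TRUSTED_ORIGINS, the message shape and all function names are hypothetical.
const TRUSTED_ORIGINS = new Set(["https://widgets.example.com"]); // constructed allowlist

// Pattern to flag in review: no origin check, and message data reaches an HTML sink.
function renderBannerUnsafe(event, el) {
  el.innerHTML = event.data.text; // sink: sender-controlled data parsed as markup
}

// Hardened: exact-match origin check, shape validation, text-only sink.
function renderBannerSafe(event, el) {
  if (!el) return false;
  if (!TRUSTED_ORIGINS.has(event.origin)) return false; // drop unknown senders
  const data = event.data;
  if (typeof data !== "object" || data === null) return false;
  if (data.type !== "banner" || typeof data.text !== "string") return false;
  el.textContent = data.text.slice(0, 200); // assigned as text, never parsed as HTML
  return true;
}

// For window.open / location sinks: allow only https URLs on expected hosts.
function safeUrl(candidate, allowedHosts) {
  let url;
  try {
    url = new URL(candidate);
  } catch {
    return null; // not an absolute URL
  }
  if (url.protocol !== "https:") return null; // rejects javascript:, data:, etc.
  return allowedHosts.has(url.hostname) ? url.href : null;
}

// In a browser, the hardened handler would be registered like this:
if (typeof window !== "undefined") {
  window.addEventListener("message", (e) =>
    renderBannerSafe(e, document.getElementById("banner")));
}
```
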