How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
ah dm is closed, i am asking it here, ah when u looking for postMessage,u look at those on global listeners and going to the code, and finding addeventlistener("message then u look for sources? like window.open after the code that has message? like i didn't understand
For quick summary all listeners in a website, you could use the browser extension github.com/fransr/postMes… Quick look to find: .innerHTML or window.open or others sinks in my slides
United States الاتجاهات
- 1. Dodgers 741K posts
- 2. World Series 391K posts
- 3. World Series 391K posts
- 4. Blue Jays 122K posts
- 5. Yamamoto 231K posts
- 6. Will Smith 52.3K posts
- 7. Miguel Rojas 45K posts
- 8. Yankees 16.3K posts
- 9. jungkook 347K posts
- 10. Kershaw 38.2K posts
- 11. Baseball 170K posts
- 12. Carlos Manzo 300K posts
- 13. Kendrick 18.5K posts
- 14. Vladdy 23K posts
- 15. #Worlds2025 31.1K posts
- 16. Dave Roberts 14.9K posts
- 17. Ohtani 91.8K posts
- 18. Mets 11.8K posts
- 19. Hoffman 12.8K posts
- 20. Cubs 7,832 posts
Loading...
Something went wrong.
Something went wrong.