How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
ah dm is closed, i am asking it here, ah when u looking for postMessage,u look at those on global listeners and going to the code, and finding addeventlistener("message then u look for sources? like window.open after the code that has message? like i didn't understand
For quick summary all listeners in a website, you could use the browser extension github.com/fransr/postMes… Quick look to find: .innerHTML or window.open or others sinks in my slides
United States Trends
- 1. Dolphins 36.6K posts
- 2. Halloween 1.8M posts
- 3. Ryan Rollins 10.7K posts
- 4. Ravens 52.6K posts
- 5. Mike McDaniel 4,371 posts
- 6. Lamar 48.9K posts
- 7. YouTube TV 43.6K posts
- 8. Derrick Henry 5,313 posts
- 9. Achane 4,668 posts
- 10. #DBX4 1,327 posts
- 11. #TNFonPrime 2,751 posts
- 12. Starks 3,266 posts
- 13. UTSA 3,423 posts
- 14. Bucks 47.2K posts
- 15. Jackson 5 4,251 posts
- 16. Mark Andrews 3,255 posts
- 17. Tulane 9,271 posts
- 18. #PhinsUp 4,449 posts
- 19. #PorVida 1,766 posts
- 20. #RHOC 2,971 posts
Loading...
Something went wrong.
Something went wrong.