How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
ah dm is closed, i am asking it here, ah when u looking for postMessage,u look at those on global listeners and going to the code, and finding addeventlistener("message then u look for sources? like window.open after the code that has message? like i didn't understand
For quick summary all listeners in a website, you could use the browser extension github.com/fransr/postMes… Quick look to find: .innerHTML or window.open or others sinks in my slides
United States Тренды
- 1. #CARTMANCOIN 1,686 posts
- 2. Broncos 65.3K posts
- 3. yeonjun 202K posts
- 4. Raiders 65.7K posts
- 5. Bo Nix 18K posts
- 6. $SMILEY N/A
- 7. Geno 18.4K posts
- 8. Sean Payton 4,729 posts
- 9. daniela 41.9K posts
- 10. #criticalrolespoilers 4,818 posts
- 11. #TNFonPrime 3,998 posts
- 12. Kenny Pickett 1,505 posts
- 13. Bradley Beal 3,453 posts
- 14. Jalen Green 7,361 posts
- 15. Chip Kelly 1,960 posts
- 16. Kehlani 9,192 posts
- 17. TALK TO YOU OUT NOW 26.3K posts
- 18. Pete Carroll 1,940 posts
- 19. Pluribus 6,073 posts
- 20. Jeanty 6,489 posts
Loading...
Something went wrong.
Something went wrong.