How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States トレンド
- 1. Liverpool 177K posts
- 2. Derek Shelton N/A
- 3. Sam Hauser N/A
- 4. Slot 108K posts
- 5. Delap 22.1K posts
- 6. $META 34.5K posts
- 7. Sonya Massey 20.5K posts
- 8. Jennifer Welch 17.9K posts
- 9. Boasberg 18.1K posts
- 10. Magic 329K posts
- 11. Crystal Palace 57.7K posts
- 12. Gittens 28K posts
- 13. Pierre Robert 2,780 posts
- 14. Powell 73.2K posts
- 15. Landry 5,201 posts
- 16. Arctic Frost 55.4K posts
- 17. Watergate 13.7K posts
- 18. Woodward 8,718 posts
- 19. Welcome to Philly N/A
- 20. South Korea 201K posts
Loading...
Something went wrong.
Something went wrong.