How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States Trends
- 1. Cowboys 69.1K posts
- 2. Nick Smith Jr 11.5K posts
- 3. Kawhi 4,428 posts
- 4. Cardinals 31K posts
- 5. #LakeShow 3,456 posts
- 6. #WWERaw 63K posts
- 7. Jerry 45.3K posts
- 8. #WeTVAlwaysMore2026 492K posts
- 9. Kyler 8,594 posts
- 10. Blazers 8,080 posts
- 11. Jonathan Bailey 26.3K posts
- 12. Logan Paul 10.4K posts
- 13. No Luka 3,710 posts
- 14. Valka 4,923 posts
- 15. Jacoby Brissett 5,716 posts
- 16. Dalex 2,618 posts
- 17. Pacers 13.2K posts
- 18. Pickens 6,691 posts
- 19. Bronny 14.7K posts
- 20. Javonte 4,406 posts
Loading...
Something went wrong.
Something went wrong.