How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States Tendances
- 1. Cowboys 48.8K posts
- 2. #WWERaw 44.9K posts
- 3. Koa Peat 4,845 posts
- 4. Cardinals 22.7K posts
- 5. Bland 9,994 posts
- 6. Jacoby Brissett 2,718 posts
- 7. Jerry 38.9K posts
- 8. Logan Paul 6,135 posts
- 9. Kyler Murray 2,220 posts
- 10. Arizona 39K posts
- 11. Cuomo 144K posts
- 12. Bethune 3,467 posts
- 13. Sam Williams 1,116 posts
- 14. Monday Night Football 15.7K posts
- 15. Eberflus 1,557 posts
- 16. Pacers 8,916 posts
- 17. Marvin Harrison Jr 4,891 posts
- 18. Steele 5,463 posts
- 19. Jake Ferguson 1,548 posts
- 20. #RawOnNetflix 1,633 posts
Loading...
Something went wrong.
Something went wrong.