How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States Tendenze
- 1. Austin Reaves 57.9K posts
- 2. #LakeShow 3,366 posts
- 3. Trey Yesavage 39.7K posts
- 4. jungkook 564K posts
- 5. Jake LaRavia 7,055 posts
- 6. Jeremy Lin 1,048 posts
- 7. #LoveIsBlind 4,811 posts
- 8. Happy Birthday Kat N/A
- 9. jungwoo 120K posts
- 10. #Lakers 1,230 posts
- 11. Blue Jays 63.2K posts
- 12. Rudy 9,457 posts
- 13. doyoung 87.8K posts
- 14. KitKat 18.2K posts
- 15. Kacie 1,967 posts
- 16. #SellingSunset 4,007 posts
- 17. #AEWDynamite 24.1K posts
- 18. Pelicans 4,646 posts
- 19. Devin Booker 1,364 posts
- 20. Dodgers in 7 1,701 posts
Loading...
Something went wrong.
Something went wrong.