How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States トレンド
- 1. Dolphins 36K posts
- 2. Ryan Rollins 10.5K posts
- 3. Halloween 1.85M posts
- 4. Ravens 51.7K posts
- 5. Lamar 47.9K posts
- 6. Mike McDaniel 4,253 posts
- 7. YouTube TV 42.9K posts
- 8. Derrick Henry 5,269 posts
- 9. Achane 4,627 posts
- 10. #TNFonPrime 2,709 posts
- 11. Starks 3,189 posts
- 12. Jackson 5 4,144 posts
- 13. UTSA 3,337 posts
- 14. Bucks 46.8K posts
- 15. Mark Andrews 3,235 posts
- 16. #PhinsUp 4,399 posts
- 17. Tulane 9,204 posts
- 18. #DBX4 1,117 posts
- 19. #PorVida 1,735 posts
- 20. #RHOC 2,906 posts
Loading...
Something went wrong.
Something went wrong.