How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States Trendy
- 1. Ryan Clark 1,634 posts
- 2. Scream 7 33.3K posts
- 3. 5sos 14.3K posts
- 4. Necas 2,171 posts
- 5. Somalia 53.5K posts
- 6. Mikko 2,686 posts
- 7. Matt Rhule 3,090 posts
- 8. Animal Crossing 25.9K posts
- 9. NextNRG Inc 2,016 posts
- 10. Usha 26.9K posts
- 11. Happy Halloween 249K posts
- 12. Rantanen N/A
- 13. #PitDark 6,210 posts
- 14. #WomensWorldCup2025 34.9K posts
- 15. Vance 303K posts
- 16. Sydney Sweeney 95.6K posts
- 17. #INDWvsAUSW 66.1K posts
- 18. Peter Berg 1,461 posts
- 19. Kristol 1,242 posts
- 20. Sidney 19K posts
Loading...
Something went wrong.
Something went wrong.