How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States Tendências
- 1. Happy Halloween 1.58M posts
- 2. YouTube TV 25.1K posts
- 3. ESPN 62.3K posts
- 4. Hulu 21.1K posts
- 5. #SwapSilently 2,031 posts
- 6. YTTV 1,150 posts
- 7. #FanCashDropPromotion N/A
- 8. Parker Washington N/A
- 9. Fubo 2,147 posts
- 10. Trick or Treat 377K posts
- 11. Dearborn 10.1K posts
- 12. #FridayVibes 4,451 posts
- 13. Reformation Day 3,289 posts
- 14. #FursuitFriday 11.6K posts
- 15. #SpookySeason 6,900 posts
- 16. Happy Birthday Mama V N/A
- 17. Good Friday 46.1K posts
- 18. DirecTV N/A
- 19. Mary Ann 1,695 posts
- 20. Sling 2,897 posts
Loading...
Something went wrong.
Something went wrong.