How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States เทรนด์
- 1. #DWTS 36.2K posts
- 2. Virginia 438K posts
- 3. New York 804K posts
- 4. Sixers 11.6K posts
- 5. Maxey 7,260 posts
- 6. Jay Jones 79.7K posts
- 7. Mamdani 1.01M posts
- 8. Andy 62.3K posts
- 9. #Election2025 13.1K posts
- 10. Whitney 10.8K posts
- 11. Alix 6,954 posts
- 12. Cuomo 364K posts
- 13. Louisville 120K posts
- 14. Josh Giddey 3,355 posts
- 15. Danielle 9,284 posts
- 16. WOKE IS BACK 17.9K posts
- 17. #WWENXT 13K posts
- 18. Elaine 62K posts
- 19. Mikie Sherrill 78.4K posts
- 20. RIP NYC 9,740 posts
Loading...
Something went wrong.
Something went wrong.