How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States Xu hướng
- 1. Animal Crossing 8,378 posts
- 2. #Scream7 6,820 posts
- 3. 5sos 10.4K posts
- 4. Happy Halloween Eve 2,728 posts
- 5. #TheFirstDayandNight N/A
- 6. #PitDark 2,770 posts
- 7. Good Thursday 32.6K posts
- 8. Super Sentai 2,919 posts
- 9. Blake Butera N/A
- 10. Melissa Barrera 2,574 posts
- 11. Rickey 1,525 posts
- 12. #ThursdayThoughts 3,182 posts
- 13. Sidney 10.3K posts
- 14. ACNH 2,823 posts
- 15. #thursdayvibes 3,471 posts
- 16. Tomorrow is Halloween 2,926 posts
- 17. Happy Friday Eve N/A
- 18. Usha 14.9K posts
- 19. $META 40.5K posts
- 20. mamamoo 19.8K posts
Loading...
Something went wrong.
Something went wrong.