How I found DOM XSS via postMessage on bing.com and received a reward by Microsoft Bug Bounty namcoder.com/blog/how-i-fou… #microsoft #bugbounty #bugbountytips
like in which position u are trying to trigger it with postMessage('message', '*'), how do u debug it then exploit it? like how u check do if the code is vulnerable, it's a bit hard for me to understand, like i found one there wasn't dangerous source and any origin and didn't pop
Yes. Put the breakpoint inside the listener on the “Sources” tab. Then send the test postMessage({},’*’) on the “Console” tab. You should have some knowledge about the JavaScript to debug. When you send the postmessage, it will trigger the breakpoint
United States 趋势
- 1. #GrandEgyptianMuseum 25.9K posts
- 2. #GEM𓅓 7,181 posts
- 3. #Talus_Labs 1,018 posts
- 4. #capcutlovers N/A
- 5. Game 7 1,460 posts
- 6. Happy New Month 180K posts
- 7. jungkook 807K posts
- 8. Nigeria 422K posts
- 9. Kawhi 8,390 posts
- 10. vmin 4,637 posts
- 11. GenG 11.6K posts
- 12. Ja Morant 5,868 posts
- 13. #RUNSEOKJIN_epTOUR_ENCORE 341K posts
- 14. Barger 6,139 posts
- 15. Glasnow 6,857 posts
- 16. Shirley Temple N/A
- 17. Tinubu 46.4K posts
- 18. Justin Dean 2,688 posts
- 19. Halloween 2025 192K posts
- 20. Rojas 11.4K posts
Loading...
Something went wrong.
Something went wrong.