all InfoSec news
Don’t Give Up On XSS! | Fun Firefox XSS
Feb. 1, 2023, 9:37 a.m. | Fırat
InfoSec Write-ups - Medium infosecwriteups.com
There’s always a way to exploit xss in different contexts
Story
I got an invite from a private program on hackerone and started searching for some vulnerabilites. After a while of searching, i found an url that had some interesting parameters. One of my inputs were reflecting inside of an hidden input tag.
<input type="hidden" name="SourceName" id="SourceName" value="hey">
So i tried to espace the value attribute by adding a quote, and i was able escape it succesfully. Now the catch …
bug bounty cybersecurity don escape exploit firefox fun hackerone hey hidden infosec input inputs name private program reflecting tag url value xss xss-attack
More from infosecwriteups.com / InfoSec Write-ups - Medium
Subdomain takeover via AWS s3 bucket
4 days, 9 hours ago |
infosecwriteups.com
Understanding the CrowdStrike 2024 Global Threat Report
4 days, 9 hours ago |
infosecwriteups.com
Prevent Cross-Site Scripting Attacks in Node.js
4 days, 9 hours ago |
infosecwriteups.com
HTB: Bizness walkthrough
4 days, 9 hours ago |
infosecwriteups.com
CozyHosting HTB Easy | Walkthrough
4 days, 9 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)