all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Can you spot the vulnerability? #16022023 — Intigriti

Add to bookmarks
March 8, 2023, 7:31 p.m. | Prasanth Bodepu

InfoSec Write-ups - Medium infosecwriteups.com

Can you spot the vulnerability? #16022023 — Intigriti

Given Code Snippet:

Code review:

easy-eval.js

if (window.debug) {
    eval(window.debug.toString()); //using eval at DOM element with id "debug"
  //only a and area tag can be used in attack as they are capable of using href attribute. toString get only that attribute
}

easy-xss.js

const pos = document.URL.indexOf('name=') + 5; //user input
const name = document.URL.substring(pos, document.URL.length)// just paring GET parameteres
const container = document.getElementById('container');
container.innerHTML = decodeURI(name); // no proper sanitization

index.html …

bug bounty information security intigriti vulnerability xss-attack xss-vulnerability

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Private Interact.sh server setup with a web dashboard 2 days, 4 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking tools +1
Understanding 403 Bypass: A Critical Vulnerability in Web Application Security 3 days, 4 hours ago | infosecwriteups.com
403 bypass access application applications +28
Hack Stories: Hacking Hackers EP:3 4 days, 4 hours ago | infosecwriteups.com
big bug bounty cybersecurity hack +9
Mastering Shodan Search Engine 5 days, 6 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity information security +1
Email Verification Bypass via Remember Me 5 days, 6 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking pentesting +1
Exploiting Symlinks: A Deep Dive into CVE-2024–28185 and CVE-2024–28189 of Judge0 Sandboxes 5 days, 6 hours ago | infosecwriteups.com
attacks code code execution continue +15
Typo Trouble: Exploring the Telegram Python RCE Vulnerability 5 days, 6 hours ago | infosecwriteups.com
address alerts application concept +25
Active DNS Recon using AXIOM 5 days, 6 hours ago | infosecwriteups.com
bug bounty bug-bounty-tips cybersecurity infosec +1
Information Disclosure: Story of 500€ + 400$ Bounty 5 days, 6 hours ago | infosecwriteups.com
bug bounty cybersecurity hacking information technology +1

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs