Can you spot the vulnerability? #16022023 — Intigriti
March 8, 2023, 7:31 p.m. | Prasanth Bodepu
InfoSec Write-ups - Medium infosecwriteups.com
Given Code Snippet:
Code review:
easy-eval.js
if (window.debug) {
  eval(window.debug.toString()); // eval() is called on the DOM element with id "debug"
  // Only <a> and <area> tags can be used in an attack, because they support the href attribute; toString() returns only that attribute
}
easy-xss.js
const pos = document.URL.indexOf('name=') + 5; // user input
const name = document.URL.substring(pos, document.URL.length); // just parsing GET parameters
const container = document.getElementById('container');
container.innerHTML = decodeURI(name); // no proper sanitization
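Hardened counterparts of the two snippets above, as an added example that is not part of the original write-up: the debug check accepts only a boolean set by script and never calls eval(), and the name parameter is parsed with URLSearchParams and written with textContent. The function names, the example.invalid URL and the stub objects are assumptions, constructed so the code also runs outside a browser.

```javascript
// Added example: hardened counterparts of easy-eval.js and easy-xss.js.
// All function names and sample values below are assumptions for illustration.

// easy-eval.js, hardened: no eval(), and the flag must be the boolean true.
// An element with id="debug" turns window.debug into an object, whose string
// form (the href for <a>/<area>) is attacker-chosen, so objects are rejected.
function isDebugEnabled(win) {
  return win.debug === true;
}

// easy-xss.js, hardened: URLSearchParams isolates and percent-decodes the one
// parameter; indexOf('name=') + 5 would also swallow later parameters and the
// fragment, and would start at offset 4 when the parameter is absent.
function readName(urlString) {
  const value = new URL(urlString).searchParams.get('name');
  return value === null ? '' : value;
}

// textContent stores the value as text; the browser never parses it as markup.
function renderName(container, urlString) {
  container.textContent = readName(urlString);
  return container.textContent;
}

// Constructed inputs so the example also runs under Node, without a DOM.
const clobberedWindow = { debug: { toString: () => 'https://example.invalid/' } };
const sampleUrl = 'https://example.invalid/?name=%3Cb%3EAda%3C%2Fb%3E&x=1#frag';
const stubContainer = { textContent: '' }; // stands in for #container

console.log(isDebugEnabled(clobberedWindow));      // clobbered global is ignored
console.log(renderName(stubContainer, sampleUrl)); // markup characters kept as text
```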
index.html …