all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Don’t Give Up On XSS! | Fun Firefox XSS

Add to bookmarks
Feb. 1, 2023, 9:37 a.m. | Fırat

InfoSec Write-ups - Medium infosecwriteups.com

There’s always a way to exploit xss in different contexts

Story

I got an invite from a private program on hackerone and started searching for some vulnerabilites. After a while of searching, i found an url that had some interesting parameters. One of my inputs were reflecting inside of an hidden input tag.

<input type="hidden" name="SourceName" id="SourceName" value="hey">

So i tried to espace the value attribute by adding a quote, and i was able escape it succesfully. Now the catch …

bug bounty cybersecurity don escape exploit firefox fun hackerone hey hidden infosec input inputs name private program reflecting tag url value xss xss-attack

Visit resource

More from infosecwriteups.com / InfoSec Write-ups - Medium

Tutorial on x86 Architecture: From Basics to Cybersecurity Links 1 day, 8 hours ago | infosecwriteups.com
architecture basics components continue +14
NTFS Filesystem: Alternate Data Stream (ADS) 1 day, 8 hours ago | infosecwriteups.com
filesystem forensics ntfs security +1
Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus 1 day, 8 hours ago | infosecwriteups.com
hacker hacking hacking tools linux +1
Breaking Safeguards: Unveil “Many-Shot Jailbreaking” a Method to Bypass All LLM Safety Measures 1 day, 8 hours ago | infosecwriteups.com
artificial intelligence breaking bypass chatgpt +15
XSS Unpacked: What It Is, How It Works, and How to Stop It 1 day, 8 hours ago | infosecwriteups.com
cybersecurity script-injection secure coding web security +1
How I Hack Web Applications (Part 1) 1 day, 8 hours ago | infosecwriteups.com
application security bug bounty ethical hacking infosec +1
Storm Breaker: Unveiling the Power of the Social Engineering Tool 1 day, 8 hours ago | infosecwriteups.com
capabilities continue cybersecurity engineering +12
CVE-2024–3400: A Critical Vulnerability in PAN-OS Firewalls 1 day, 8 hours ago | infosecwriteups.com
bug bounty command command injection critical +13
If You Want To Be A CISO Then Read This First … 1 day, 8 hours ago | infosecwriteups.com
career advice careers ciso cybersecurity +6

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Cybersecurity Consultant- Governance, Risk, and Compliance team

@ EY | Tel Aviv, IL, 6706703
View on infosec-jobs.com

Professional Services Consultant

@ Zscaler | Escazú, Costa Rica
View on infosec-jobs.com

IT Security Analyst

@ Briggs & Stratton | Wauwatosa, WI, US, 53222
View on infosec-jobs.com

Cloud DevSecOps Engineer - Team Lead

@ Motorola Solutions | Krakow, Poland
View on infosec-jobs.com
View more jobs