all InfoSec news
Don’t Give Up On XSS! | Fun Firefox XSS
InfoSec Write-ups - Medium infosecwriteups.com
There’s always a way to exploit xss in different contexts
Story
I got an invite from a private program on hackerone and started searching for some vulnerabilites. After a while of searching, i found an url that had some interesting parameters. One of my inputs were reflecting inside of an hidden input tag.
<input type="hidden" name="SourceName" id="SourceName" value="hey">
So i tried to espace the value attribute by adding a quote, and i was able escape it succesfully. Now the catch …
bug bounty cybersecurity don escape exploit firefox fun hackerone hey hidden infosec input inputs name private program reflecting tag url value xss xss-attack