all InfoSec news
Rxss inside href attribute - Bypassing lots of weird checks to takeover accounts!
March 10, 2023, 7:07 p.m. | Ashutosh Dutta
InfoSec Write-ups - Medium infosecwriteups.com
Here is the final payload after bypassing all the weird checks —
javascript://;%250a+alert(document.cookie,%27\\@www.redacted.com/%27)
In case you are still curious about how/why this payload and the methodology, make sure to read the write-up till the end where I have explained everything in detail : )
BackgroundI was hacking on a private program. It had two assets in scope — www.redacted.com and my.redacted.com (“redacted” — the word is used in place of the real domain name for privacy …
accounts bug bounty bugs bypassing hackerone hacking takeover weird xss-attack
More from infosecwriteups.com / InfoSec Write-ups - Medium
Private Interact.sh server setup with a web dashboard
1 day, 21 hours ago |
infosecwriteups.com
Hack Stories: Hacking Hackers EP:3
3 days, 21 hours ago |
infosecwriteups.com
Mastering Shodan Search Engine
4 days, 22 hours ago |
infosecwriteups.com
Email Verification Bypass via Remember Me
4 days, 22 hours ago |
infosecwriteups.com
Typo Trouble: Exploring the Telegram Python RCE Vulnerability
4 days, 22 hours ago |
infosecwriteups.com
Active DNS Recon using AXIOM
4 days, 22 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Associate Compliance Advisor
@ SAP | Budapest, HU, 1031
DevSecOps Engineer
@ Qube Research & Technologies | London
Software Engineer, Security
@ Render | San Francisco, CA or Remote (USA & Canada)
Associate Consultant
@ Control Risks | Frankfurt, Hessen, Germany
Senior Security Engineer
@ Activision Blizzard | Work from Home - CA