Showing 16 Result(s)

Reflected XSS in Google Code Jam

Information about this XSS:The XSS will be fired in the toast message. Also, it seems like you have to open the homepage (https://codejam.withgoogle.com/2018/challenges/) at least once before visiting other pages there. POC: https://codejam.withgoogle.com/2018/challenges/0000000000007766/scoreboard/for/%3Cimg%20src=x%20onerror=alert(document.domain)%3E CSP: Due to CSP, this XSS will fire only in browsers where it’s not supported (i.e. IE). …

Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org

Video:   Steps to reproduce: 1. Create a Polymer element and publish it to github2. Set the repo homepage URL to: javascript:alert(document.domain)3. Publish it via https://www.webcomponents.org/publish4. Go to the element’s webcomponents.org page and click the homepage link     What can you do with this XSS: It’s possible if the user has authenticated …