Video: Steps to reproduce: 1. Create a Polymer element and publish it to github2. Set the repo homepage URL to: javascript:alert(document.domain)3. Publish it via https://www.webcomponents.org/publish4. Go to the element’s webcomponents.org page and click the homepage link What can you do with this XSS: It’s possible if the user has authenticated …
Stored Angular XSS in Mall.cz
https://www.mall.cz/wishlists/1kvjvao6 https://www.openbugbounty.org/reports/630985/ Problems: XSS (stored) Reward: None Fixed: Yes < back to the list of web vulns
SQLi at Maxon
Vulnerable URL: https://reg.maxon-campus.net/login/forgotpassword.php If you enter ‘ (a single quote) into the input field, it’ll show: query failed1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ””’ at line 1 Summary: …
Easy way to auto-refresh POP3 accounts in Gmail every 5 minutes
► IFTTT: https://ifttt.com ► IFTTT Applet: https://ifttt.com/applets/77548998d-i… ► Feed URL: http://lorem-rss.herokuapp.com/feed?u… ► Email address format: mailchecker_DELETETHIS@yourDomainName.com ► Email title: mailchecker_DELETETHIS ► Body: POP3 mailchecker_DELETETHIS from ifttt.com ► Gmail filter: to:(mailchecker_DELETETHIS@yourDomainName.com)
Angular XSS vulnerability on McDonalds.com
I reported this vulnerability on https://www.openbugbounty.org/reports/608322/ Previous fixed vulnerabilities on mcdonalds.com: https://www.openbugbounty.org/reports/481416/ < back to the list of web vulns