Information about this XSS:The XSS will be fired in the toast message. Also, it seems like you have to open the homepage (https://codejam.withgoogle.com/2018/challenges/) at least once before visiting other pages there. POC: https://codejam.withgoogle.com/2018/challenges/0000000000007766/scoreboard/for/%3Cimg%20src=x%20onerror=alert(document.domain)%3E CSP: Due to CSP, this XSS will fire only in browsers where it’s not supported (i.e. IE). …
Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org
Video: Steps to reproduce: 1. Create a Polymer element and publish it to github2. Set the repo homepage URL to: javascript:alert(document.domain)3. Publish it via https://www.webcomponents.org/publish4. Go to the element’s webcomponents.org page and click the homepage link What can you do with this XSS: It’s possible if the user has authenticated …
Stored Angular XSS in Mall.cz
https://www.mall.cz/wishlists/1kvjvao6 https://www.openbugbounty.org/reports/630985/ Problems: XSS (stored) Reward: None Fixed: Yes < back to the list of web vulns
Easy way to auto-refresh POP3 accounts in Gmail every 5 minutes
► IFTTT: https://ifttt.com ► IFTTT Applet: https://ifttt.com/applets/77548998d-i… ► Feed URL: http://lorem-rss.herokuapp.com/feed?u… ► Email address format: mailchecker_DELETETHIS@yourDomainName.com ► Email title: mailchecker_DELETETHIS ► Body: POP3 mailchecker_DELETETHIS from ifttt.com ► Gmail filter: to:(mailchecker_DELETETHIS@yourDomainName.com)
Angular XSS vulnerability on McDonalds.com
I reported this vulnerability on https://www.openbugbounty.org/reports/608322/ Previous fixed vulnerabilities on mcdonalds.com: https://www.openbugbounty.org/reports/481416/ < back to the list of web vulns