I often use this trick when I attack any server side sanitizer. But I didn't know that the inconsistent state happens via "JS APIs" until recently. Did you know that? :)
-
This reminds me of my XSS vuln, found in 2013 in Google Search "Did you mean", Google+ Search, Google Help search; anywhere the spelling gets auto-corrected, it will execute my JS. https://twitter.com/SandeepL337/status/662606314292416512?s=19 …
-
I know blog UI is outdated, but you can find more details here http://www.sandeepkamble.com/skl337/tag/google-xss-translator/ …
-
they fixed it really fast because you reported it or because they have monitoring in place for such cases?
-
I think kinguawamasato reported it so he could get the bug bounty.
-
achievement unlocked: hacking google
-
You brought me here. This one is on you, @LiveOverflow! :D
-
Fwiw, div.innerHTML = ""; div.appendChild(template.content.cloneNode(true)); would have prevented it (or, with Closure Library, using div.appendChild(processToTree(html)) rather than div.innerHTML = processToString(html)). https://twitter.com/LiveOverflow/status/1112323055127191552 …
-
Interesting