Hackers, do you consider injecting a <img /> tag with your src in a backend panel a security vulnerability? If so, what's the exploit?
-
-
e.g. <img src=http://hackerone.internal/buntypls?method=_put&user=avlidienbrunn&amount=1billion>
-
sleeping puppy XSS could be interesting to use in that case too. so you know when the backend execute the code.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.