-
I published yet another #xssearch article about Cache Probing Attack! Today I discovered that the report has been indexed by crawlers, so I reached out to @sirdarckcat and with his approval, created a short article about my findings :) https://medium.com/@terjanq/massive-xs-search-over-multiple-google-products-416e50dd2ec6 … #bugbountytips
-
Today is the day when Chrome switched from default XXP block mode to filter one. I have written a short article demonstrating how to turn this "fix" into executing XSS, based on my write-up from the latest angstrom CTF. https://medium.com/@terjanq/xss-auditor-the-protector-of-unprotected-f900a5e15b7b … #XSSearch #XSLeaks #bugbountytip
-
I learned this week how I can perform an error-based #xssearch without using any #javascript! It takes advantage of *alternative text* when an object cannot be rendered and then styling it with a *custom font*. My full payload to the chall: https://gist.github.com/terjanq/33bbb8828839994c848c3b76c1ac67b1 … #xsleaks pic.twitter.com/3CGE6m8jgJ
-
#Xssearch is what the web platform security will struggle with after we fix the more popular problems like #XSS. This should be in @owasp top 10 2025 when we actually know what to do with it. I don't think all realize yet how serious the issue is. https://sites.google.com/site/bughunteruniversity/nonvuln/xsleaks …
-
My third #Xssearch report. https://hackerone.com/reports/505424 . This time user identification by using onload/onerror events. #XSLeaks #bugbountytip
-
I started writing solutions to my challenges on #justctf quite a time ago but haven't had enough time to finish it. I decided to publish these very chaotic writeups to Dominoes, Scam Generator and p&q service. #xssearch #bugbountytip https://hackmd.io/@terjanq/justctf_writeups …
-
Protected tweets leakage through URL detection #XSSearch #BugBounty https://hackerone.com/reports/491473
-
#Safari: #Apple's anti-tracking feature reportedly allowed a data leak... since 2017? https://blog.sosordi.net/2020/01/safari-la-fonction-anti-tracking-dapple-aurait-permis-une-fuite-de-donnees-depuis-2017.html … #ITP #Google #securite #faille #XSSearch pic.twitter.com/G82Xdl6SFY