-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Is this for the reflected xss with filter challenge?
-
It was for "Reflected XSS in a JavaScript URL with some characters blocked", but I solved with much cleaner payload (thinking that you actually had to run alert(1337)), My solution is as the image below. I used location.href to smuggle alert(1337) as string
pic.twitter.com/bChqZffOrb
Kraj razgovora
Novi razgovor -
-
-
Spoopy stuff! Did you see these very minimal alternate sets?https://twitter.com/XssPayloads/status/996041259662893056 …
-
Yeah, the simplest one is just: location=name when setting name="javascript:alert()" somewhere or location=/javascript:/.source+location and %0aalert() at the end of URL. The goal here was to produce () characters, which is not easy.https://www.reddit.com/r/Slackers/comments/ex5mmt/cool_ways_to_generate_strings_in_javascript/fg6rrmt/ …
Kraj razgovora
Novi razgovor -
-
-
Root-me has a challenge like this too.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.