Respect XSS
Wednesday, June 14, 2017
A Look at CVE-2017-8514 --- SharePoint's `Follow` Feature XSS
›
TL;DR: All your SharePoint installations are belong to us. The XSS (worth $2500) affecting both on-premises and online version looks lik...
Sunday, April 17, 2016
Gone in Few Hours: Infooby's Fake or Questionable Bug Bounty Program
›
Bug bounty programs are great in many folds: learning perspective, monetary benefits for bug hunters and a step towards safe and secure we...
12 comments:
Wednesday, April 6, 2016
Pairing Single Quotes
›
During pentest, I came across an interesting and unusual case where developers're trying to escape a single quote ( ' ) via a sing...
8 comments:
Sunday, February 28, 2016
Stored, Reflected and DOM XSS in Google for Work Connect (GWC)
›
Google for Work Connect ( GWC ) is "a community for system/application administrators and partners". GWC is in scope for Google ...
11 comments:
Sunday, February 14, 2016
Keep An Eye On $.html, $.get and $.ajax Functions
›
The $.html(), $.get() and $.ajax() are potential XSS venues. Some of you're already aware of this but lets see real life examples ...
4 comments:
Sunday, February 7, 2016
Find The Root Cause
›
This time instead of publishing a new blog post, I present two real life XSS example cases from the wild. I already XSSed both cases for y...
1 comment:
Sunday, January 31, 2016
The Magic of Connecting The Dots
›
Macy's ( http://www.macys.com/ ) calls itself "the magic of macy's" (at least the word magic is mentioned on their main ...
2 comments:
›
Home
View web version