-
Hi,
I'm pretty much a JavaScript newbie. The only JavaScript I write is to prove the existence of XSS when there's bad server-side input validation, so `alert(document.cookie);` is about as compli…
-
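## XSS Attacks
XSS (Cross-site scripting) allows malicious web users to inject code into pages that are served to other users. On the web front end, it can be understood simply as a form of JavaScript code injection; the essence lies not in "cross-site" but in "scripting".
```js
// Text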
$username = "alert('侯医生');";
$username = "\u003cscri…
-
**Test Environment**
Google Chrome - Version 75.0.3770.142 (Official Build) (64-bit)
**Description**
A malicious actor may insert and finally execute malicious JavaScript code.
**Steps to repr…
-
- Site: [https://test.educationdataexchange.gov.bc.ca](https://test.educationdataexchange.gov.bc.ca)
**New Alerts**
- **CSP: Wildcard Directive** [10055] total: 4:
- [https://test.educationd…
-
Hi!
I discovered an XSS on the jsbin.com domain.
https://output.jsbin.com/jeyabud/
How does it work?
1. The app looks for `last` property in `document.cookie` to assign the "last" URL to t…
-
- Site: [http://dev-drr-emcr.apps.silver.devops.gov.bc.ca](http://dev-drr-emcr.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **A Client Error response code was returned by the server** [100000]…
-
Need challenges for some of the below-mentioned list
https://public-firing-range.appspot.com/dom/toxicdom/document/cookie_set/eval
https://public-firing-range.appspot.com/dom/toxicdom/document/refe…
-