Latest Posts
- DOM XSS via Weak Cookie Parsing Regex: Smuggling Cookie Names Inside Other Cookie Values
  Hi everyone, in this post I want to share a useful bug bounty technique I came across while hunting for DOM XSS. If you find a DOM-based XSS that depends on a specific cookie value, don’t rush trying to figure…
- DOM XSS: Bypassing Server-side Cookie Overwrite, Chrome innerHTML Quirk, and JSON Injection
  Hi everyone, in this post I walk through three DOM-XSS findings I discovered while hunting on a bug-bounty program: a cookie-scoped bypass of server cookie overwrites, a Chrome innerHTML quirk, and a JSON injection that can overwrite window. Cookie-based DOM…
- Exploiting XSS: PostMessage Source Check Bypass, Parameter Smuggling, WAF Bypass via Hash Tricks, Hostname Validation Bypass Using Trailing Dot, and UserWay XSS via QuerySelector Injection
  Bypassing Source Check on postMessage to Achieve XSS. While hunting on a bug bounty program, I found a page with an onmessage tracker handling cross-origin communication via the postMessage API. The page had a critical flaw: it lacked scheme validation…
- XSS Vulnerabilities in Excalidraw Affecting Meta (CVE-2024-32472)
  Hello everyone, in this post I’ll be discussing cross-site scripting (XSS) vulnerabilities I discovered in Excalidraw, an open-source collaborative whiteboard tool that’s used by various Facebook assets. Excalidraw has around 81,000 stars on GitHub and is a popular choice…
- Turning Self-XSS into Stored XSS: Unraveling the Power of Web Cache Poisoning in JSP Applications
  In this write-up, I will explain how I successfully transformed a Self-XSS (Cross-Site Scripting) vulnerability into a Stored XSS vulnerability in a JSP (JavaServer Pages) application. During my investigation, while scouring web archives for JSP files related to the target,…
- Exploring 7 Techniques for Bypassing Redirect Filters
  Hello fellow Bug Bounty Hunters, in this write-up I’d like to share my insights into several methods for bypassing redirect filters, potentially resulting in account takeover. Bypassing the OAuth filter using Path-URI open redirect: I had previously reported a vulnerability…
- Stored XSS Vulnerabilities in Messages: Outlook Web and Outlook Android App
  Hello everyone, this is my first write-up, and I will be sharing my findings in Outlook with you in this article. XSS Stored on outlook.live.com: Many email services, like Gmail, Outlook, Yahoo, and others, follow email RFC protocols, which permit HTML content within…