Dipendra Shrestha

In-depth write-up of BugPoC’s XSS Challenge

tl;dr: Directly accessing frame.html to bypass the removal of dangerous characters, and setting the window.name property to "iframe" so as not to get the "not loading the page in an iframe" error. Injecting a closing </title> tag to inject HTML into the body, and injecting <base href="our_domain"> to bypass CSP…
