Recent
Fetch Diversion
·2251 words·11 mins
articles
bug bounty
fetch diversion
xss
API calls and requests for resources can sometimes be diverted toward a different endpoint on the same host, potentially resulting in DOM XSS’s that would otherwise be impossible to trigger, or other types of client-side vulnerabilities.
Intigrity December XSS Challenge
·1353 words·7 mins
write-ups
ctf
xss
Using hashchange events to control a vulnerable page and escalate an otherwise mostly harmless DOM XSS.
BugPoC Wacky XSS Challenge
·1883 words·9 mins
write-ups
ctf
xss
dom clobbering
Bypassing CSP and SRI with HTML injection and DOM Clobbering.