pull down to refresh

2554 sats \ 14 replies \ @carter 15 Mar \ on: Can you spot the XSS vulnerability? security

You can write a script tag into the page with a specially crafted filter? https://example.com/index.php?filter[

<script>

alert('Hacked')

</script>

]=value

write
preview
0 sats \ 1 reply \ @ek OP 3 Apr

I don't know if you looked up the solution, but you were the first one who posted the exploit code, so I'll also pay you next to #914079

reply
100 sats \ 0 replies \ @carter 3 Apr

I did look up the documentation for the php functions and was testing if it actually was the hack with a wasm php thing so I appreciate it. I did feel dumb when they pointed out that the tweet had the answer when i even signed up for the blog to try and see if the answer was there

reply
0 sats \ 1 reply \ @carter 15 Mar

https://example.com/index.php?filter[category%3Cscript%3Ealert%28%27Ha]=value&filter[cked%27%29%3C%2Fscript%3E]=val

you can also break it up into multiple categories and url encode because $_GET handles that. this would look normal to the user in the ui rendering as You're currently filtering by "category"

I still dont know what they wouldn't see

reply
0 sats \ 0 replies \ @sox 16 Mar

Yeah that 'oversee' part threw me off but it's the first thing you see ^^

reply
0 sats \ 9 replies \ @Scroogey 15 Mar

deleted by author

reply
100 sats \ 5 replies \ @optimism 16 Mar

if that's so then @WeAreAllSatoshi got it right. But I agree with @ek, this is not something that would be missed by most bug hunters 😂

reply
100 sats \ 4 replies \ @ek OP 3 Apr

lol that was indeed the case

but maybe the hard part was to actually exploit it, not just see that it could be exploited

reply
100 sats \ 3 replies \ @optimism 3 Apr

I'd have paid the bounty to @WeAreAllSatoshi myself if you wouldn't have. Thanks for being cool and paying it out twice.

reply
100 sats \ 2 replies \ @WeAreAllSatoshi 3 Apr

@ek and I are buds, he wouldn't do me like that

reply
100 sats \ 1 reply \ @optimism 3 Apr

In that case thanks for being cool to @carter

reply
100 sats \ 0 replies \ @WeAreAllSatoshi 3 Apr

Agree. @ek's cool, he wouldn't do that to anyone.

My previous comment makes it sound like @ek and I were in on it together, which was definitely not the case. We've just developed a rapport over time here on SN

reply
0 sats \ 0 replies \ @ek OP 16 Mar

damn, can't access, returns 429 Too Many Requests currently

reply
0 sats \ 0 replies \ @carter 15 Mar

i was gonna ask if the answer was already given... it did get me to signup for that newsletter. my tin foil hat assumed this post is an ad

reply
0 sats \ 0 replies \ @nitter 15 Mar
reply