Neurohazard
Our democracy have been h4ck3d.

【Bug Bounty 阅读笔记】【hackerone】 imgur XSS #484434

wpadmin~March 11, 2019 /InfoSec

Hackerone 报告阅读笔记 imgur XSS #484434

报告笔记

首先注意到服务端会对 <> 进行过滤。
不过 Gid Sumaya (giddsec) 发现可以通过对 <, > HTML 实体编码绕过 过滤防御机制。

一个有效的 payload 如下

参考资料

https://hackerone.com/reports/484434#

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Web Statistics
普人特福的博客cnzz&51la for wordpress,cnzz for wordpress,51la for wordpress