2554 sats \ 14 replies \ @carter 15 Mar \ on: Can you spot the XSS vulnerability? security
You can write a script tag into the page with a specially crafted filter? https://example.com/index.php?filter[<script>alert('Hacked')</script>]=value
I did look up the documentation for the PHP functions and was testing if it actually was the hack with a WASM PHP thing, so I appreciate it. I did feel dumb when they pointed out that the tweet had the answer, when I even signed up for the blog to try and see if the answer was there.
You can also break it up into multiple categories and URL-encode because $_GET handles that. This would look normal to the user in the UI rendering as You're currently filtering by "category"
I still don't know what they wouldn't see
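Added example, not part of any post in this thread and not the challenge's own code: assuming the page echoes the names and values of the `filter` query parameter as the comments above suggest, this PHP code puts a renderer that encodes only the values beside one that also encodes the array keys. All function names are hypothetical, and the input array is constructed to model the URL quoted in the first comment.

```php
<?php
// Added example with hypothetical names; not the challenge's code.

// Encode a request-derived string for an HTML text or attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: the value is encoded, but the array key is echoed raw.
// With filter[...]=value in the query string, the key is client-controlled too.
function render_filters_unsafe(array $filters): string
{
    $out = '';
    foreach ($filters as $name => $value) {
        $out .= '<li>' . $name . ': ' . h((string) $value) . '</li>';
    }
    return $out;
}

// Hardened: keys get the same encoding as values, and anything that is not
// a flat key => string pair is skipped (filter[a][b]=c arrives as a nested array).
function render_filters_safe(array $filters): string
{
    $out = '';
    foreach ($filters as $name => $value) {
        if (!is_string($value)) {
            continue;
        }
        $out .= '<li>' . h((string) $name) . ': ' . h($value) . '</li>';
    }
    return $out;
}

// Constructed input modelled on the URL quoted in the first comment,
// plus one ordinary filter for comparison.
$filters = [
    "<script>alert('Hacked')</script>" => 'value',
    'category' => 'books',
];

echo render_filters_unsafe($filters), "\n"; // key reaches the page as markup
echo render_filters_safe($filters), "\n";   // key is rendered as inert text
```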
If that's so then @WeAreAllSatoshi got it right. But I agree with @ek, this is not something that would be missed by most bug hunters 😂
I'd have paid the bounty to @WeAreAllSatoshi myself if you wouldn't have. Thanks for being cool and paying it out twice.
@ek and I are buds, he wouldn't do me like that