WRITEUP #1211

A smorgasbord of a bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF…

XSS, postMessage, JSONP, DOM XSS, CORS misconfiguration, CSRF, WAF bypass
by @jub0bs (Julien Cretel)
Bounty: 200
Program: -
Published: May 5, 2023
Added to HackDex: May 6, 2023
Read Full Writeup: https://jub0bs.com/posts/2023-05-05-smorgasbord-of-a-bug-chain/

RELATED WRITEUPS
Lessons Learned From Exposing Unusual XSS Vulnerabilities (XSS, DOM XSS)
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities (XSS, Reflected XSS)
How Almost Sacrificing a University Group Project led to a Microsoft Bug Bounty (XSS, CSRF)
Universal Code Execution by Chaining Messages in Browser Extensions (XSS, Universal XSS)
Self-XSS to ATO via Site Features (XSS, Self-XSS)