Kimberly  

Random story....

One of my favorite low-effort hacks was when I used a type2 XSS injection of <marquee> into a work ticket so the appdev team had to chase the entire ticket across the screen to get to the close button.

The devs said "How? We blocked scripts!"

1
Kimberly  

Even more fun, when they "blocked scripts" they only removed "<scr1pt>" in a single pass, so I injected "<scr<scr1pt>ipt>" and chaos ensued.

Then they switched to ColdFusion's native XSS protection, so I used "<body onload.." and yay more XSS.

Good times. Now I'm a PM.

1+
🍻 beerdini 🍻  

@kimmy
Cold Fusion... now that is a name I haven't seen in a long time

1
Kimberly  

@Beerdini don't say it a third time or it will come back!

1
🍻 beerdini 🍻
Follow

@kimmy
Nah... it was bought by Adobe, like so many other decent programs before they get worse and die

· 0· 0· 1
Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.

Resources

Developers

What is CounterSocial?

Created by potrace 1.15, written by Peter Selinger 2001-2017

counter.social

More…