Random story....

One of my favorite low-effort hacks was when I used a type 2 XSS injection of <marquee> into a work ticket so the appdev team had to chase the entire ticket across the screen to get to the close button.

The devs said "How? We blocked scripts!"

Even more fun, when they "blocked scripts" they only removed "<scr1pt>" in a single pass, so I injected "<scr<scr1pt>ipt>" and chaos ensued.

Then they switched to ColdFusion's native XSS protection, so I used "<body onload.." and yay more XSS.

Good times. Now I'm a PM.

Lol I had to change the i's to 1's in the word "script." I blame @th3j35t3r.
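
The filter failure described in the story, as an added example that is not part of the original post: a single-pass tag strip reassembles the nested tag, a repeated strip still lets `<marquee>` and event-handler attributes through, and output encoding neutralizes all three. The function names and sample strings are constructed for illustration, and the sketch spells the tag name normally where the post wrote "scr1pt".

```python
import html
import re

# Blocklist pattern for opening/closing script tags (assumed filter, for illustration).
SCRIPT_TAG = re.compile(r"</?script[^>]*>", re.IGNORECASE)

def strip_once(text):
    """Flawed filter from the story: delete script tags in a single pass."""
    return SCRIPT_TAG.sub("", text)

def strip_until_stable(text):
    """Repeat the removal until the text stops changing.
    Closes the nesting gap, but is still only a blocklist of one tag."""
    prev = None
    while prev != text:
        prev, text = text, SCRIPT_TAG.sub("", text)
    return text

def encode_for_html(text):
    """Output encoding: markup characters become inert text in the page."""
    return html.escape(text, quote=True)

def has_live_markup(text):
    """True if the text still contains something a browser would parse as a tag."""
    return re.search(r"<[a-zA-Z/]", text) is not None

# Constructed ticket-body inputs mirroring the three cases in the post.
SAMPLES = {
    "nested": "<scr<script>ipt>demo()</scr</script>ipt>",
    "marquee": "<marquee>ticket text</marquee>",
    "handler": '<body onload="demo()">',
}

def report():
    """For each sample, record whether live markup survives each defense."""
    defenses = (strip_once, strip_until_stable, encode_for_html)
    return {
        name: {d.__name__: has_live_markup(d(payload)) for d in defenses}
        for name, payload in SAMPLES.items()
    }

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

Only the encoding column comes back clean for every row, which is why the fix belongs at output time rather than in a list of forbidden tags.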
