@DOMXss profile picture
DOM XSS @DOMXss

We retweet your #DOMXSS news and findings

Joined March 2011
  • Tweets 462
  • Following 0
  • Followers 1,612
Photos and videos
DOM XSS retweeted
XSS Payloads@XssPayloads
3 Aug 2018
Coinbase AngularJS DOM XSS via Kiteworks: nice write-up by @PaulosYibelo bit.ly/2Mfb3SZ
52
117
DOM XSS retweeted
koto@kkotowicz
23 Oct 2018
DOM #XSS, it's time to say goodbye. See the newest status update on Trusted Types, delivered at #w3ctpac. The simplest polyfill is a tiny TrustedTypes={createPolicy:(n,rules)=>rules} (yes, that can help end DOM XSS), but there's so much more good news! Https://tinyurl.com/tttpac

2
47
98
DOM XSS retweeted
payloadartist@payloadartist
3 Dec 2018
Writeup: DOM Based XSS in Alibaba's *.ucweb.com by @sudhanshur705 medium.com/@sudhanshur705/st… #bugbounty #infosec #pentest #exploit #PoC #cybersecurity #hacking

Story about my first bug bounty

2 Dom Based XSS in ucweb.com

sudhanshur705.medium.com
3
55
148
DOM XSS retweeted
ISWAT@ISWATLAB
22 Dec 2018
[RecentQuestions] Is this code vulnerable to DOM based XSS jquery animate? dlvr.it/Qv7wRy [sec.stackexchange]
2
3
DOM XSS retweeted
Emad Shanab - أبو عبد الله@Alra3ees
30 Dec 2018
DOMXSSHilight:- Burp Extension in Python hilighting DOM Sinks and Sources using DOM XSS Wiki regex. github.com/sechacking/DOMXSS…

GitHub - sechacking/DOMXSSHilight: Burp Extension in Python hilighting DOM Sinks and Hosts using...

Burp Extension in Python hilighting DOM Sinks and Hosts using DOM XSS Wiki regex - sechacking/DOMXSSHilight

github.com
1
14
37
DOM XSS retweeted
JSFoo@jsfoo
27 Oct 2018
"At @GoogleVRP, DOM based cross-site scripting is already the most common variant of XSS" @lavakumark
2
3
DOM XSS retweeted
RIVER@wugeej
29 Oct 2018
[Tool] XSStrike v3.0 - Most Advanced XSS Detection Suite Reflected and DOM XSS Scanning Multithreaded crawling Context analysis Configurable Core Highly Researched Workflow WAF detection & evasion Handmade HTML & JavaScript parser Powerful fuzzing engine github.com/s0md3v/XSStrike

GitHub - s0md3v/XSStrike: Most advanced XSS scanner.

Most advanced XSS scanner. Contribute to s0md3v/XSStrike development by creating an account on GitHub.

github.com
2
4
DOM XSS retweeted
Anant Shrivastava
@anantshri
26 Oct 2018
Intelligent work by @lavakumark in DOMGO.AT selecting debug flag enables pre assigned debug locations to facilitate understanding of domxss working.
4
4
DOM XSS retweeted
techfindr@techfindr
16 Oct 2018
The newly discovered DOM-XSS vulnerability affects Tinder, Shopify, Yelp and many other. #DOM-XSS #hackers #security #cyber ow.ly/DNDc30mfswg
1
DOM XSS retweeted
Mohamed Haron@m7mdharon
16 Oct 2018
Seems that Hackerone staff give duplicate for the good reports and when you ask an invite to the main report .. the response is great too ( not duplicate) hackerone.com/reports/405191

DuckDuckGo disclosed on HackerOne: DOM XSS on 50x.html page

Hello, The is a DOM XSS vulnerability on https://duckduckgo.com/50x.html, it seems like the sink is DIV.innerHTML and the source is location.search. The PoC url is:...

hackerone.com
1
3
DOM XSS retweeted
Yasho
@YShahinzadeh
17 Oct 2018
WTF is that? hackerone.com/reports/418078
3
9
DOM XSS retweeted
SEC Consult@sec_consult
26 Sep 2018
What you see is not all you get: #XSS vulnerability in @KendoUI Editor allows remote attackers to inject arbitrary #JavaScript into the DOM of the #WYSIWYG editor r.sec-consult.com/kendo No Patch, but workaround by vendor #HTML #vulnerability #kendo #infosec
9
12
DOM XSS retweeted
n00py@n00py1
6 Sep 2018
Poll for web app testers: when Burp finds DOM XSS via static code analysis, how often do you find that you can exploit it?
2% Always
13% Most of the time
70% Rarely
15% Never
46 votes • Final results
1
2
DOM XSS retweeted
Youssef A. Mohamed@GeneralEG64
16 Aug 2018
DOM XSS at Cadillac (PoC) Video: youtu.be/OH1G5L1CHVI Closed as Informative Reason: The owner can't reproduce it. :3 #GeneralEG #BugsHunting
4
15
DOM XSS retweeted
Hurricane Labs@hurricanelabs
17 Aug 2018
Making Easy DOM XSS Actually Easy With Eval Villain - hurricanelabs.com/blog/makin… #firefox #web #extension #evalvillain #domxss

Making Easy DOM XSS Actually Easy With Eval Villain

This post introduces Eval Villain–a web extension for Firefox designed to improve the detection of DOM XSS.

hurricanelabs.com
2
6
DOM XSS retweeted
harisec@har1sec
26 Jul 2018
@0x6D6172696F DOM XSS inside an iframe via postMessage (the iframe is included in the main page, but hidden). What is the impact in this case OR is there an impact in this case?
1
2
DOM XSS retweeted
ØxOPOSɆC@OPOSEC
30 Jul 2018
Coinbase AngularJS DOM XSS via Kiteworks. goo.gl/GSGgjX ( ) #Security #178 (2017)
1
1
DOM XSS retweeted
Andrew van der Stock@vanderaj
30 Jul 2018
Learn DOM XSS if you don’t know it already. Follow @garethheyes
Gareth Heyes \u2028@garethheyes
29 Jul 2018
Bypassing DOMPurify with mXSS thespanner.co.uk/2018/07/29/…
2
1
7
DOM XSS retweeted
koto@kkotowicz
8 Jul 2018
Replying to @fenceposterror
And in general I don't think we are struggling with XSS because sanitization is hard. It's hard because the DOM APIs are insecure by default and in the end we end up with DOM XSS everywhere.
1
DOM XSS retweeted
Haxel0rd@haxel0rd
30 Jun 2018
Turning a DOM based #XSS into an attack to hack #XBOX online & live accounts. Microsoft has fixed it, so now releasing the #PoC vid that shows the #exploit in action. There was #NoBugBounty as MS has stopped BB's for online services. #hacking #ITSecurity youtube.com/watch?v=xfCUMH11…

Attack demonstration - hacking XBOX online and live accounts with DOM...

For more hacking stuff, check out my twitter: https://twitter.com/h...

youtube.com
1
12
22
Load more