Pinned
The way you want it didn't work , then you sould to know how it works will eveuntully works the way want !!
\Ilyas ;)
3,616 posts
\Ilyas ;)
@Cyber78678
Content Creator | CTFs | Security Research | js, html, css speaks 6 languages
- Use ShodanX to find #Originip IP of your Target🎯 More ways: shorturl.at/bwK01 ShodanX: shorturl.at/eruB0
- Use this DORK to Find #SQLinjection: site:target. com inurl:php/?id= More Ways: youtu.be/CbdsidSQXps
- DOM-based XSS via DOM Invader Credit: @0xLeeBai DOM Invader can be found in burp’s build in browser, let’s open it.🧵🧵🧵
- Discover a $62,500 Facebook DOM XSS Account Takeover (ATO) bug reported by renowned researcher @samm0uda . Learn how this critical security flaw was exposed. Watch now: youtu.be/oO1_FJtDkT0 knowledge of JavaScript is prerequisite for this video Warmly welcome Feedbacks on this
- Main sinks that can lead to DOM-XSS vulnerabilities: 1. document.write() 3. document.writeln() 4. document.domain 5. element.innerHTML 6. element.outerHTML 7. element.insertAdjacentHTML 8. element.onevent 9. append() 10. after() 11. add() #javascript #domxss
- Lets recall how many Bug types you have in your memory: 1) SSRFs 2) IDOR/BOLA 3) XSS 4) SQLi 5) Privilege Escalations 6) BAC 7) ATO 8) RCE 9) LFI 10) Misconfigurations 11) Path Traversal #BugBounty
