[ / / / / / / / / / / / / / ] [ dir / abdl / b2 / baaa / choroy / dempart / doomer / jenny / vichan ]

/tech/ - Technology

Email
Comment *
Verification *
File
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Flag
Oekaki
Show oekaki applet
(replaces files and can be used instead)
Options

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.

File: e46c638db69dd26⋯.png (28.32 KB, 500x300, 5:3, the-virgin-coder-thinks-th….png)

 No.1060489

I found my first bug bounty...what can I do with it?

Its an XSS exploit. I sandwiched it in between a Login Id in burp and ran it in intruder. I got the code to run in the browser "<script>", but I need to get rid of these extra characters to run the alert. What do?

Heres the result:

<script>D2889FBA732284509F47C7D1D54FE5B87DBA7CD860B8565AD1C8AFF8A4666636E98D64BDE7AAEA6B910072A735CB16F5B03C8"},"env":{"RC_LOCATION_SEARCH_NEW_RC_SOLR_ENDPOINT":"/pws/v0/index/drive/search/"},"canEDModalBeDisplayed":false};

var pclnData = PCLN_BOOTSTRAP_DATA.pclnData || {};

</script>

The first string is the second half of the LogIn id, the rest is the code that got spit back onto the screen. I need to get rid of that text to run the exploit.

 No.1060529

File: 7ff69176776303c⋯.jpg (205.92 KB, 2048x803, 2048:803, DY1D1xNW0AE6vUB.jpg)

>posting a thumbnail


 No.1060543

thanks for the free bug, submitting it to Apache Solr as we speak :^)


 No.1060545

File: fe302531323aac2⋯.jpg (77.44 KB, 861x564, 287:188, OK6W_koKDTOqqqLDbIoPAllu8P….jpg)

>>1060543

> OP asks for help because he's incompetent

> α-Chad proceeds to cuck OP

> virgin_coder.png

this is perfect



[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[]
[ / / / / / / / / / / / / / ] [ dir / abdl / b2 / baaa / choroy / dempart / doomer / jenny / vichan ]