DOM XSS

Coinbase AngularJS DOM XSS via Kiteworks: nice write-up by @PaulosYibelo bit.ly/2Mfb3SZ

DOM #XSS, it's time to say goodbye. See the newest status update on Trusted Types, delivered at #w3ctpac. The simplest polyfill is a tiny TrustedTypes={createPolicy:(n,rules)=>rules} (yes, that can help end DOM XSS), but there's so much more good news! tinyurl.com/tttpac

Writeup: DOM Based XSS in Alibaba's *.ucweb.com by @sudhanshur705 @sudhanshur705/story-about-my-first-bug-bounty-9fe710be8241" target="_blank" rel="nofollow noopener">medium.com/@sudhanshur705… #bugbounty #infosec #pentest #exploit #PoC #cybersecurity #hacking

[RecentQuestions] Is this code vulnerable to DOM based XSS jquery animate? dlvr.it/Qv7wRy [sec.stackexchange]

DOMXSSHilight:- Burp Extension in Python hilighting DOM Sinks and Sources using DOM XSS Wiki regex. github.com/sechacking/DOM…

"At @GoogleVRP, DOM based cross-site scripting is already the most common variant of XSS" @lavakumark

[Tool] XSStrike v3.0 - Most Advanced XSS Detection Suite Reflected and DOM XSS Scanning Multithreaded crawling Context analysis Configurable Core Highly Researched Workflow WAF detection & evasion Handmade HTML & JavaScript parser Powerful fuzzing engine github.com/s0md3v/XSStrike

Intelligent work by @lavakumark in DOMGO.AT selecting debug flag enables pre assigned debug locations to facilitate understanding of domxss working.

The newly discovered DOM-XSS vulnerability affects Tinder, Shopify, Yelp and many other. #DOM-XSS #hackers #security #cyber ow.ly/DNDc30mfswg

Seems that Hackerone staff give duplicate for the good reports and when you ask an invite to the main report .. the response is great too ( not duplicate) hackerone.com/reports/405191

WTF is that? hackerone.com/reports/418078

What you see is not all you get: #XSS vulnerability in @KendoUI Editor allows remote attackers to inject arbitrary #JavaScript into the DOM of the #WYSIWYG editor r.sec-consult.com/kendo No Patch, but workaround by vendor #HTML #vulnerability #kendo #infosec

Poll for web app testers: when Burp finds DOM XSS via static code analysis, how often do you find that you can exploit it?

DOM XSS at Cadillac (PoC) Video: youtu.be/OH1G5L1CHVI Closed as Informative Reason: The owner can't reproduce it. :3 #GeneralEG #BugsHunting

Making Easy DOM XSS Actually Easy With Eval Villain - hurricanelabs.com/blog/making-ea… #firefox #web #extension #evalvillain #domxss

@0x6D6172696F DOM XSS inside an iframe via postMessage (the iframe is included in the main page, but hidden). What is the impact in this case OR is there an impact in this case?

Coinbase AngularJS DOM XSS via Kiteworks. goo.gl/GSGgjX (+) #Security #178 (2017)

Learn DOM XSS if you don’t know it already. Follow @garethheyes

@fenceposterror And in general I don't think we are struggling with XSS because sanitization is hard. It's hard because the DOM APIs are insecure by default and in the end we end up with DOM XSS everywhere.

Turning a DOM based #XSS into an attack to hack #XBOX online & live accounts. Microsoft has fixed it, so now releasing the #PoC vid that shows the #exploit in action. There was #NoBugBounty as MS has stopped BB's for online services. #hacking #ITSecurity youtube.com/watch?v=xfCUMH…