Twitter Go on Twitter

Shadows...



Small note

For these that still thinking that those screens from Yahoo are fake/manipulated(there are few people):the answer is very simple-just use "document.write" before "alert" e.g: document.write('something');alert(/another something/.source) if you don't want to disclose content of  the current page

Here is example:




Several XSS flaws in different Yahoo! sub-domains

One of these subdomains have a very "strong" filter:<script> is blocked ...but no surprise <ScRipT> is allowed 





that's for now...


Blog

10 December 2016

Shadows...



Read more

09 April 2012

Small note

For these that still thinking that those screens from Yahoo are fake/manipulated(there are few people):the answer is very simple-just use "document.write" before "alert" e.g: document.write('something');alert(/another something/.source) if you don't want to disclose content of  the current page

Here is example:




Read more

08 April 2012

Several XSS flaws in different Yahoo! sub-domains

One of these subdomains have a very "strong" filter:<script> is blocked ...but no surprise <ScRipT> is allowed 





that's for now...


Read more